Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:www.quintic.co.uk
I ran this command:
It produced this output:
My web server is (include version):Apache2 v2.4.10
The operating system my web server runs on is (include version):Raspbian Version 8
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto 0.34.2
Question:
I have installed the letsEncrypt Certificate and the Apache2 config file has been updated with the following lines:
SSLCertificateFile /xxxx/fullchain.pem
SSLCdertificateKeyFile /xxx/privkey.pem
and the site does operate https.
However when I check the site using https://www.sslchecker.com/sslchecker it reports that I am missing a root certificate.
The root certificate should be missing. The idea behind root certificates is, is that the client has all the valid root certificates stored in its “root certificate store”. It is useless to also send this root certificate with the TLS connection. In fact, it would only slow it down.
So I don’t know why that SSL checker marks it as “red”, like it was wrong. It isn’t.
Good to know that everything is operating correctly. I had read the documentation on the Let’s Encrypt web site regarding Root Certificates, and whilst I cannot say I fully understood everything, I did take in that I should not need to install a Root certificate which is why I could not understand why sslchecker was reporting an issue.