Just issued my website (www.onlinedailyblog.com) a SSL certificate with Let’s Encrypt… Then I confirmed on an SSL checker to find out that my domain is not secure on all web browser…
So please is there any way this can be sought out?
1 Like
Which "SSL checker"? And what exact problem did it report?
1 Like
SSL SHOPPER.
It Reported:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. The fastest way to fix this problem is to contact your SSL provider.
You should probably do that then.
Edit: There seem to be a number of other issues you should fix too:
1 Like
Yeah that’s why am trying to contact Let’s Encrypt developers…
Thanks anyway…
You definitely missed the cert chain.
Depending on the NGINX version, you may be able to provide TLSv1.3
1 Like
This is NOT a development issue.
It is an implementation issue.
Certs typically come with several files.
It is up to you to use the correct files in the correct way.
That said, which files did you get?
And which ones did you use?
This is a false negative - misdirection.
THIS IS THE REAL PROBLEM:
[which should have been provided to you]
1 Like
OK thanks, but can you give me directions on how I can install the intermediate/chain certificate.
We need more information to be able to provide specific directions.
Can you fill in the rest of the new topic questionnaire below?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
2 Likes
Yes, if you would answer the questions in the previous post (#9) or the ones I asked in post #7:
1 Like
I issued an SSL certificate with Let's Encrypt and confirmed it with an SSL Checker.
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. The fastest way to fix this problem is to contact your SSL provider.
Chrome (Version: 79.0.3945.79)
Android (Version: 6.0)[quote="mnordhoff, post:9, topic:109216"]
My hosting provider, if applicable, is:
[/quote]
Yes
1 Like
How? What software did you use?
1 Like
That is NOT a command.
What did you type to get the cert?
Chrome is a web browser NOT a web server.
What is the operating system of the web server - where the website is (not your web browser)?
What is "epizy.com"?
2 Likes
The SSL checker is SSL SHOPPER
The control panel is VistaPanel and it has no versions
Does your VistaPanel control panel have some kind of button to click in order to get a certificate from Let’s Encrypt? I’m guessing this is what’s confusing our colleagues here because none of us have used VistaPanel before, so we don’t know how it works or what to expect when using it.
Did you basically just click one button inside the control panel to get a certificate, and then have it set up automatically by the control panel, and then try to check it with the SSLShopper tester? If so, it seems like the control panel itself might not be doing the right thing with the certificates that it obtains.
Yes it does..
.
It gave me access to the private key and the certificate that it generated from Let's encrypt..
And then I manually installed it through my SSL configuration..
After which I checked with an SSL checker.
Is it possible that you lost the intermediate certificate during the import process? Or maybe the VistaPanel feature never gave you the intermediate certificate at all?
The intermediate certificate that's usually used by Let's Encrypt right now looks like this
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
and it should normally be pasted along with your certificate when manually importing a certificate (either right after your certificate or in a separate input box, depending on how the import feature is structured). I would hope that the tool that generated the certificate would have given you this, but it might not have.
(Edit: for the time being, you could use that one, which is sure to be correct for Let's Encrypt certificates that were issued over the past couple of years.)
If this doesn't help, could you maybe show us a screenshot of the manual import feature that you used?
Then It produced a private key and certificate which I copied and pasted here::
[redacted]