[Solved] Certificate Not Trusted


#1

Hello,

I’m using an Apache2 Webserver (2.4.7), and apparently the Let’s Encrypt certificate isn’t trusted for several browsers.
Here is my configuration file for the HTTPS:

```
<VirtualHost *:443>
ServerAdmin contact@domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /home/Web/domain/web

ErrorLog ${APACHE_LOG_DIR}/domain.com/mainssl-error.log
CustomLog ${APACHE_LOG_DIR}/domain.com/mainssl-access.log combined

<Directory /home/Web/domain/web>
  AllowOverride All
  Allow from all
</Directory>

SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
```

How would I be able to make the website trusted ?
Thanks !


#2

Hello @RaJiska,

You need to add the intermediate certificate to your Apache conf. As you are using Apache 2.4.7, you need to add this directive pointing to the chain.pem certificate:

```
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
```

Edit: Just for the record, from Apache 2.4.8 on, the directive SSLCertificateChainFile has been deprecated and you should use the fullchain.pem certificate, which includes your cert and the intermediate cert, in the directive SSLCertificateFile:

```
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
```

Cheers,
sahsanu


#3

Hello @sahsanu,

Sorry for the late response, but I had trouble making it work.
I was struggling to get past an error message:

[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/domain.com.conf:52)

It was because I was removing ‘SSLCertificateFile’ for ‘SSLCertificateChainFile’ while both were needed. My bad.
Anyway, thank you very much, it did the trick, and thanks for your note about Apache 2.4.8, will definitely be helpful in the future !

Here is my SSL config for people facing the same troubles:

```
ErrorLog ${APACHE_LOG_DIR}/domain.com/mainssl-error.log
CustomLog ${APACHE_LOG_DIR}/domain.com/mainssl-access.log combined

<Directory /home/Web/domain/web>
  AllowOverride All
  Allow from all
</Directory>

SSLEngine on
SSLOptions +StrictRequire

SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
```

Thanks again !
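
The fix discussed in this thread, as an added example that is not part of the original posts: a shell check for whether a vhost config will send the intermediate certificate, plus the directives to use for a given Apache version per the 2.4.8 cut-over mentioned in post #2. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks whether a vhost will send the
# intermediate certificate and prints the directives for an Apache version.

# Number of certificates in PEM file $1 (cert.pem: 1, fullchain.pem: 2 or more).
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Turn a dotted version such as 2.4.7 into one comparable integer.
version_num() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Print the certificate directives for Apache version $1 and live directory $2.
ssl_directives() {
    if [ "$(version_num "$1")" -lt "$(version_num 2.4.8)" ]; then
        echo "SSLCertificateFile $2/cert.pem"
        echo "SSLCertificateChainFile $2/chain.pem"
    else
        echo "SSLCertificateFile $2/fullchain.pem"
    fi
    echo "SSLCertificateKeyFile $2/privkey.pem"
}

# Succeed if config $1 sends an intermediate: it has a SSLCertificateChainFile
# line, or its SSLCertificateFile holds 2+ certificates. Simplification:
# reads only the first SSLCertificateFile line and ignores Include files.
sends_intermediate() {
    grep -Eiq '^[[:space:]]*SSLCertificateChainFile[[:space:]]' "$1" && return 0
    cert=$(awk 'tolower($1) == "sslcertificatefile" { print $2; exit }' "$1")
    [ -n "$cert" ] && [ -f "$cert" ] && [ "$(count_certs "$cert")" -ge 2 ]
}

# Demo on constructed files: placeholder PEM bodies, not real certificates.
demo=$(mktemp -d)
pem() { printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed)' '-----END CERTIFICATE-----'; }
pem > "$demo/cert.pem"
{ pem; pem; } > "$demo/fullchain.pem"
echo "SSLCertificateFile $demo/cert.pem" > "$demo/before.conf"
ssl_directives 2.4.7 "$demo" > "$demo/after.conf"
for conf in before after; do
    if sends_intermediate "$demo/$conf.conf"; then echo "$conf: chain sent"
    else echo "$conf: leaf only, browsers may not trust it"; fi
done
rm -rf "$demo"
```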