Some people don`t have errors, but Some people have an error


#1

Sorry for my short language skill.(Im Korean) Website : comp.ajou.ac.kr Hi. My server is using Let's Encrypt. I appreciate using your SSL. I updated certificate 2018/02/28 and I have used my server with no errors. However member of my group told me that he had a certificate error with Chrome. I asked other members to enter website. Some members do well, but some members told me same error. It is strange happen. I entered website with my cellphone(Samsung galaxy S7), I had a error with 'samsung internet' application(fundamental application), but no error with Chrome application. My friend told me that he experienced same situation last year and he just waited and suggested other people to enter with another browser. So I dont have any good method… Could I get a advice??


#2

The web server isn’t configured fully correctly. It should serve both the website’s certificate and the Let’s Encrypt intermediate, but it’s not. It will work in clients that work around the issue, and fail in other clients.

Please provide more information about the setup.

If you’re using Apache 2.4.7 and Certbot, for example, you need to change:

SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

to:

SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

In other words, add SSLCertificateChainFile pointing to chain.pem.

Other ACME clients will have different names for the files.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

Here is a longer thread discussing this problem (which fully agrees with @mnordhoff’s explanation and advice):

There was a recent change that’s caused more people to encounter browser errors as a result of sites that are misconfigured this way.


#5

Thank you. I will read it.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.