Ssl certificate not accepted as trusted on some browsers

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: I've setup using certbot with nginx

It produced this output:
some browsers not recognizing

My web server is (include version): nginx 1.18.0

The operating system my web server runs on is (include version):
ubuntu 21.10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.27.0

Welcome @parmonov98

Your server is sending a valid cert using the "long chain". This forum site also uses that chain. Can that browser visit this site without the error?


You may be having trouble because the "www" is not on the same cert. |
Two certs have been issued independently.
One for:
One for:


I've setup a and redirected non-www to www.
the same issue with the same browsers on Mac.
I think there's an browser-specific issue which I don't see.

What version of macOS is this? For Safari you need to be running macOS 10.12.1 or higher. Older macOS versions require manual configuration.


Great that fixes any DNS issues...
Now, are you using a cert that covers both names?
Individually covering each name with a corresponding cert?

1 Like

I used a cert like this in nginx.

Let's see what that actually covers, with:
certbot certificates

1 Like

SSL Server Test: (Powered by Qualys SSL Labs)
SSL Server Test: (Powered by Qualys SSL Labs)

1 Like


1 Like

Ok, so I repeat myself (with my first post):

1 Like

I how to merge them? I just followed instruction on certbot official website.
Can u point in the right direction?
or to setup properly?

but what I remember before setting up www. The issue used to exist.

There might be more than one issue...

Certs can't be merged.
You need to get a new cert for both names.

Not sure how to advise you; as you stated:

other that to say: Include both names in the cert request - not one name at a time.

After we fix this issue, we can tackle the next (and for as many as you may have).

1 Like

after expanding ssl for both using sudo certbot (E)xpand option
got all green for

I use this site to check my CSRs and Certs
Looking at the CSR Subject Common Name (CN) (i.e. Subject:) (SSL Server Test (Powered by Qualys SSL Labs) labels it Common names)
and the CSR Properties SANs (i.e. X509v3 Subject Alternative Name:, DNS:) (SSL Server Test (Powered by Qualys SSL Labs) labels it Alternative names)

1 Like

compared as you said.
cert is the same for both name

I used certbot, and I don't know what to put in there?
've got 2 files here

which one should I use to check?

I've deleted the second cert for www one.
What is the next thing to fix ?

Absolutely NOT EVER the privkey.pem NEVER NEVER NEVER!

The first certificate in the fullchain.pem should be what you are looking for.

1 Like

Here is another place to look for issues with ones website
in your case

1 Like