Many clients are not able to access my website
My domain is: https://server3.webapp.org.in
My web server is (include version): Tomcat 9
The operating system my web server runs on is (include version): Windows Server 2012
My hosting provider, if applicable, is: Self Hosted VPS Server
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme.v126.96.36.1999.x64.trimmed
Welcome to the Let's Encrypt Community, Ajay
I have constructed the certificate chain file that you need. It is R3 signed by ISRG Root X1 and ISRG Root X1 signed by DST Root CA X3.
Download it from here:
chain.pem (3.7 KB)
This discussion provides a great explanation of the modern way:
This official guide provides the directives you need:
Pay special attention to:
If you use certbot:
The win-acme files should map similarly.
You need to use the correct files for your Tomcat configuration, in this case the
-chain.pem file and
If you just use the .crt file you won't be serving the intermediate certificates required for the chain.
Good observation, @webprofusion. I missed the win-acme part. The mapping to the Tomcat settings should still hold though.
Thank you for your answer, sir, but the above chain.pem file doesn't work for me.
Below are my Tomcat conf settings.
When I use your chain.pem file, I get an error (file attached).
When I use this chain file it works, but not for all Android mobiles/clients:
_.webapp.org.in-chain-copy.pem (3.6 KB)
Thank you for your suggestion, sir. Below is my Tomcat configuration:
Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
The "no secure protocols supported" has NOTHING to do with your chain file. It is because your Tomcat is configured to support too few cipher suites.
This will help you to properly configure your Tomcat cipher suites:
Thanks a lot, sir. Your chain.pem file and the configuration below work for me. You are a genius.
One more bit of help required: every three months I have to renew my certificates manually. Can I make it auto-renew somehow?
You are quite welcome.
That is a very wise question.
I'm not exactly sure how you've got your win-acme configured to acquire your certificate, but since you're using a wildcard certificate, you are clearly fulfilling a dns-01 challenge.
This page offers instructions for dns challenge automation for various DNS providers:
If none of those work for your purposes, you might consider using acme-dns:
Regarding acme-dns as a way to automate DNS challenges, also check out Certify DNS, which is a managed cloud implementation of acme-dns and can be used with various acme-dns compatible clients (not just Certify The Web): certifydns | Certify The Web Docs