Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
brew install certbot
mkdir ~/lets-encrypt
certbot certonly --manual --key-type rsa -d --preferred-challenges=http --config-dir ~/lets-encrypt --work-dir ~/lets-encrypt --logs-dir ~/lets-encrypt
My web server is (include version):
azure
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
azure
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I checked with azure support and they said there might be an issue with cert chain and i am getting unable to verify first cert error in postman if i am sending request by enabling SSL verification
Well, it sounds like you're not installing the full chain where it needs to go, then. But it also sounds like you're doing a lot of manual, error-prone steps. Can't you configure Azure to just get and install its own certificates and chains?
Yes, I can confirm cdluk.kpmgonline.co.uk:443 is only sending the end leaf certificate without any intermediates, so there indeed is a chain issue.
However, using fullchain.pem usually does the trick, but as I said, I have no experience with Azure, so as Peter says it might have something to do with how you need to upload the chain. Sometimes it's required to separately send cert.pem in one place and chain.pem in another field.
I also agree with Peter that it's best to automate things. But that also might be depending on what kind of Azure service you're using.
when i uploaded the full chain, it said it needed the private key so i added the private key as well to the full chain and uploaded. Is there a way you can help me complete the cert chain and i can try uplaoding that
I think you need to describe, step by step, exactly how you're getting the files that certbot produces into wherever you're trying to put them in Azure (and what that Azure interface looks like). (And again, it's likely that whatever those steps are can all be automated which will make things easier on you.)
PFX file was generated by me using openssl commands.
Sorry, for using shortcuts. I meant i uploaded the full chain certificate to the azure app gateway listner
