Hello everyone! I recently ( about 24 hours ago ) installed a certificate on my website: dreadd.info, hosted in hostinger. I got the certificate from sslforfree.com
I first added TXT records for the verification than got certificate and private key copied and than pasted on my hostinger.com account.
I bought my domain through 1&1(1and1.com), if i visit my website through smartphone i got a non secure connection, through https://www.ssllabs.com i got some issues:
No SNI: Server Key and Certificate #1 NOT TRUSTED
Chain issues : Incomplete
I ran this command:
It produced this output:
My web server is (include version):
ocalhost via UNIX socket Server type: MariaDB
Apache 7.0.23
Database client version: libmysql - mysqlnd 5.0.12-dev -
The operating system my web server runs on is (include version):
Cent OS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
Your issue is the incomplete chain served by your web server, seems you uploaded (pasted) only the certificate in your control panel instead of the fullchain which is your certificate + intermediate certificate (also known as chain cert).
I don't know if you are using shared hosting but if you are you should take a look to this doc:
You can check the chain served using below command:
This is becauise usually PC browsers cache the intermediate certificate if you have visited another site that it is using Let's Encrypt cert but phone browsers don't cache them.
Thanks for your reply!
Well im on a premium account on hostinger where they offer free manual ssl installation but the webpage only displays: Certificate: (CRT) and Private Key :(Key) and Certificate Authority Bundle (CABUNDLE) and i pasted all of them already
@chalkrave, if you check the link I posted, there the certificate and the chain are pasted in the certificate field instead of pasting the chain in the CA BUNDLE field… did you try that?.
i didn’t really get that sorry… i pasted the chain(the chain is the certificate right?) in the certificate field and privatekey in privatekey and CA bundle in ca bundle, i even tried to switch them but it didnt work, what ive tried is re-install the key under the same settings and i noticed that the hostinger system refuse to install my ssl when i put the CA BUNDLE, if i put just the certificate and the private key it looks all good but then i got this ssl problem. thats where it is coming from i guess…
Paste the certificate and chain in the certificate field, the key in the private key field and leave empty the ca bundle field.
I don’t know how you issued the cert but usually you receive 4 files:
cert.pem that is the certificate for your domain
privkey.pem that is the private key
chain.pem that is the Let’s Encrypt intermediate certificate
fullchain.pem that is a combination of cert.pem + chain.pem
Well, if you received the fullchain file, just paste the content of this file into the certificate field of your control panel and the private key in the right field, thats all.
Yeeee it worked! just tried and it did work: pvt key copied and paste in pvt key but i unified chain and certificate and it did go through. lets see what happens! thank you for now
@chalkrave, just for the records, now I can see that both domains (dreadd.info & www.dreadd.info) are serving the complete chain so you should not have issues on mobile phones
Just keep in mind that certificates have 90 days validity so you must repeat this process every 3 months (or less just in case there is some problem you would have time to fix it before the expiration date).
