SSL Renewed but Intermediate Certificate Failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: survtapp.com

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

I was able to renew the letsencrypt certificate but I get this error on whynopadlock.com:

You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

In /etc/apache2/sites-available/000-default-le-ssl.conf - I've mentioned:

ServerName survtapp.com
SSLCertificateFile /etc/letsencrypt/live/survtapp.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/survtapp.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Please suggest how to fix this.

I've downloaded: lets-encrypt-r3-cross-signed.cer & lets-encrypt-r3.cer - but where do I upload them?

TIA!

1 Like

Is this a different problem than the one you posted here?

You should know whynopadlock has a bug. It does not correctly interpret Let's Encrypt chains. Try checking the site whynopadlock.com on that site; you will see the same message even when checking their own site. Yes, they use Let's Encrypt certs but don't show the right messages. I wrote to them over a month ago and never got a response.

5 Likes

That "-0001" is a general indication of something not being exactly as it was expected.
Please show the output of:
certbot certificates

2 Likes
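A local check of the file named in SSLCertificateFile, added here as an example (it is not part of any post above and not Certbot or Let's Encrypt tooling): it confirms that fullchain.pem holds the leaf followed by an intermediate whose subject matches the leaf's issuer, without relying on a third-party checker. The function names `chain_links` and `make_demo_chain` and the demo certificate names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.
# chain_links FILE: prints one line per certificate in FILE and returns 0 only
# when FILE holds a leaf plus at least one intermediate, each certificate
# issued by the one that follows it (compared by issuer/subject name).
chain_links() {
    bundle=$1
    work=$(mktemp -d) || return 2
    # Split the bundle into c1.pem, c2.pem, ... in file order.
    awk -v d="$work" '/-----BEGIN CERTIFICATE-----/ { n++ }
                      n { print > (d "/c" n ".pem") }' "$bundle"
    count=$(ls "$work" | wc -l | tr -d ' ')
    status=0
    [ "$count" -ge 2 ] || { echo "only $count certificate(s): no intermediate"; status=1; }
    i=1
    while [ "$i" -le "$count" ]; do
        subj=$(openssl x509 -in "$work/c$i.pem" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//')
        issr=$(openssl x509 -in "$work/c$i.pem" -noout -issuer -nameopt RFC2253 | sed 's/^[a-z]*= *//')
        echo "[$i] subject: $subj | issuer: $issr"
        if [ "$i" -gt 1 ] && [ "$prev_issuer" != "$subj" ]; then
            echo "    cert $((i - 1)) was not issued by cert $i"; status=1
        fi
        prev_issuer=$issr
        i=$((i + 1))
    done
    rm -rf "$work"
    return "$status"
}

# make_demo_chain DIR: writes constructed throwaway certificates for trying the
# check offline: DIR/cert.pem (leaf only) and DIR/fullchain.pem (leaf + issuer).
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo Intermediate" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null &&
    cat "$d/cert.pem" "$d/ca.pem" > "$d/fullchain.pem"
}

# Usage: sh check_chain.sh /etc/letsencrypt/live/survtapp.com-0001/fullchain.pem
if [ "$#" -gt 0 ]; then chain_links "$1"; fi
```

The check compares names only; it does not verify signatures or trust, so a passing result means the bundle is assembled in the order Apache should send it, not that clients will accept it.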
