SSL works fine on desktop but on mobile gives not safe notice!

griffin · September 26, 2021, 2:36pm

GoDaddy serves the short chain by default now. I need to test with the long chain.

FirasHelou90 · September 26, 2021, 9:32pm

i don't know how you got that info, because all i know about the certificate stuff is how to set it and redirect nevertheless i am a web developer but with freelance experience not corporate

FirasHelou90 · September 26, 2021, 9:35pm

that would not work, because i already set the certificate and it needs the key also

FirasHelou90 · September 26, 2021, 9:36pm

should i paste all 3 certificate that i get ? because i pasted the first only

rg305 · September 26, 2021, 11:51pm

That is the same certificate (based on the key your have) in use now.
All that changed is the chain.

So it should work.

griffin · September 27, 2021, 12:35am

If you try to use the "long chain", paste the first certificate in the Certificate box and the last two certificates in the CA bundle box. cPanel will automatically pair the key with the certificate.

bruncsak · September 27, 2021, 3:50am

On a UNIX client I simply execute the following command:
openssl s_client -connect f1ian.com:443
the output of the command tells what certificate the server sends.

It depends on the on the web interface, which I do not know. If there are no separate windows for the certificate and the chain, you paste the content of the fullchain (3 certificates). If there are separate windows available, then you paste the certificate pem file (1 certificate) into the certificate input, and the content of the chain file (2 certificates) into the chain input field.

griffin · September 27, 2021, 5:17am

also known as the CA bundle field in cPanel. CertSage only provides the full chain (contents of certificate.crt) containing your leaf certificate then two intermediate certificates, in that order.

FirasHelou90 · September 27, 2021, 7:25am

Thank you everyone so much ! It worked finally ! it seems i wasn't inserting the other certificate in the CA bundle but now i did and it works no more warning on my phone

bruncsak · September 27, 2021, 8:14am

Great!

griffin · September 27, 2021, 11:09am

Awesome!

That also confirms the long chain, @bruncsak.

bruncsak · September 27, 2021, 12:14pm

Yes, yes, yes. This is how it looks like now:

---
Certificate chain
 0 s:CN = f1ian.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

griffin · September 27, 2021, 1:29pm

Woohoo!

system · October 27, 2021, 1:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.