Good day everyone, I can't find the reason why he swears at ssl
Service says there is a problem with the certificate: What's My Chain Cert?
But a click in the browser on everything seems to be fine
I tried to check the encoding of a picture using curl, because I thought that the problem was in the kitten's encoding, since I noticed the problem itself after Facebook stopped parsing pictures when sharing
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
I apologize in advance, I'm not very good at this. I will be glad for any help
Modern browsers are really good at fixing incorrect configurations. In this case, most modern browsers will automatically correct the chain, but other clients will not.
In your case, the server given sends a certificate chain that is incredibly old; that is, it's sending a chain that Let's Encrypt stopped using in 2016 (it's sending the very old X1 intermediate).
The server in question needs to use the chain delivered by the ACME client. From the very old intermediate certificate it serves we can see that the chain was manually set by someone, which is incorrect.
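The failure described in the answer above can be reproduced offline; this is an added example, not part of the original post or of any project's code. It builds a throwaway PKI with the `openssl` CLI and verifies one leaf as a strict client does, using only the intermediates the server sent. The names `demo-root`, `stale-intermediate`, `current-intermediate` and `demo-leaf` are constructed for the demo.

```sh
#!/bin/sh
# Added example with a constructed throwaway PKI; no name or key here comes from the thread.
set -eu

# issue NAME ISSUER EXTFILE: create NAME.key and NAME.pem, signed by ISSUER
# (self-signed when ISSUER equals NAME).
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1" 2>/dev/null
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$3" -days 30 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
      -extfile "$3" -days 30 -out "$1.pem" 2>/dev/null
  fi
}

# served_chain_ok ROOT LEAF SERVED: succeeds only if a path from LEAF to ROOT can be
# built from the intermediates in SERVED alone, which is all a strict client has.
served_chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
}

# verdict ROOT LEAF SERVED: print "ok" or "broken" for that served chain.
verdict() {
  if served_chain_ok "$1" "$2" "$3"; then echo ok; else echo broken; fi
}

DEMO_DIR=$(mktemp -d)
cd "$DEMO_DIR"
printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
printf 'basicConstraints=CA:FALSE\n' > leaf.ext

issue demo-root demo-root ca.ext
issue stale-intermediate demo-root ca.ext     # stands in for the retired intermediate
issue current-intermediate demo-root ca.ext   # the CA that actually signed the leaf
issue demo-leaf current-intermediate leaf.ext

# What the leaf names as its issuer versus what the misconfigured server sends.
openssl x509 -in demo-leaf.pem -noout -issuer
openssl x509 -in stale-intermediate.pem -noout -subject

echo "stale intermediate served:   $(verdict demo-root.pem demo-leaf.pem stale-intermediate.pem)"
echo "current intermediate served: $(verdict demo-root.pem demo-leaf.pem current-intermediate.pem)"
```

Against a live server, the chain it actually sends can be captured with `openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null` and each certificate's subject and issuer compared in the same way.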
Thanks for the answer, I'm sorry, but I didn't quite understand how then to fix the problem and what is there along the chain?
If this is your server, you should first state what ACME client (e.g. certbot) you're using and what your webserver (e.g. nginx) is. Next we can look at your current configuration and what needs to be done to fix it.
Nginx web server, but how to check which ACME is being used?
How do you manage your server? How did you acquire the certificate initially?
Everything has already been installed before me, I was just looking for the reason why the picture does not work when sharing on Facebook, so I say that I have no experience with ssl. I access the server via ssh.
That sounds good, we can work with that.
What's the output of
sudo certbot certificates?
-bash: certbot: command not found
Okay, so you're not using certbot.
In this case we might want to have a look at where your certificates currently are. For that we need to look at the nginx configuration.
sudo nginx -T
should print the entire nginx configuration, which can potentially be rather large. We're interested in config lines that contain the text
A bit of googling indicates that this could be the Vesta Control Panel, can you confirm this?
There is no Vesta Control Panel, as I understand it at this stage through the console it can not be fixed in any way and you need to write to the hosting support?
Yeah as I'm still not sure which client this is and how it's configured you probably need to ask your support if you have that.
is a VestaCP - login. VestaCP uses the 8083 port with http and https.
Maybe your VestaCP is too old.
Wow, I really didn't know it was there, thanks I'll try to find access to this panel. Thanks!
Hello! I have access to the whist panel, tell me, can I somehow fix ssl with those who have access and seeing this page https://i.imgur.com/JykbZbc.png or maybe find out the reason for the certificate robots error. Or would it be easier to install ACME and generate a new certificate? Once again, I apologize, I am not competent in these matters((