"The certificate is not trusted in all web browsers..."


#1

I have dozens of websites on the same server. They are pretty much clones of each other, and they all started to display this error on GTmetrix:

### The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. [Learn more about this error](https://www.sslshopper.com/ssl-certificate-not-trusted-error.html). The fastest way to fix this problem is to contact your SSL provider.

I found other threads about it but couldn’t understand how to fix the problem based on them.

My domain is: www.reciclandobh.org

I ran this command: sudo certbot certonly --webroot -w public -d www.reciclandobh.org -d m.reciclandobh.org -d reciclandobh.org

It produced this output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.reciclandobh.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.reciclandobh.org/privkey.pem
   Your cert will expire on 2019-02-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The operating system my web server runs on is (include version): Ubuntu 14.04.5

My hosting provider, if applicable, is: Amazon

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#2

You’re using Apache, right?

What version of Apache is it? What certificate configuration are you using?

If you’re using Apache 2.4.8 or newer, it should be:

SSLCertificateFile /etc/letsencrypt/live/www.reciclandobh.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.reciclandobh.org/privkey.pem

If it’s older, it should be:

SSLCertificateFile /etc/letsencrypt/live/www.reciclandobh.org/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.reciclandobh.org/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.reciclandobh.org/privkey.pem
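
The version rule in the reply above, as a check that can be run over each of many vhost files (an added example, not part of the original thread and not Certbot's or Apache's own code). The function names, the `example.org` paths and the sample vhost text are constructed for illustration, and each text passed in is assumed to hold a single vhost.

```python
import re

# Directives that decide which certificates mod_ssl sends to clients.
DIRECTIVE = re.compile(
    r"^[ \t]*(SSLCertificateFile|SSLCertificateChainFile)[ \t]+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def parse_version(banner):
    """Turn 'Apache/2.4.7' (or '2.4.7 (Ubuntu)') into (2, 4, 7)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError(f"no version number in {banner!r}")
    return tuple(int(part) for part in match.groups())

def count_certs(path):
    """Number of PEM certificates in a file (fullchain.pem holds leaf + chain)."""
    with open(path, encoding="ascii", errors="replace") as handle:
        return handle.read().count("-----BEGIN CERTIFICATE-----")

def audit_vhost(vhost_text, banner, count=count_certs):
    """Return (ok, reason): will this vhost send the intermediate chain?"""
    found = {name.lower(): value.strip("\"'")
             for name, value in DIRECTIVE.findall(vhost_text)}
    cert_file = found.get("sslcertificatefile")
    if cert_file is None:
        return False, "no SSLCertificateFile directive"
    if "sslcertificatechainfile" in found:
        return True, "chain sent via SSLCertificateChainFile"
    if parse_version(banner) < (2, 4, 8):
        return False, "Apache older than 2.4.8 needs SSLCertificateChainFile"
    if count(cert_file) < 2:
        return False, "SSLCertificateFile holds only the leaf certificate"
    return True, "chain sent from SSLCertificateFile"

if __name__ == "__main__":
    # Constructed sample: the newer-style directives on an older Apache.
    sample = (
        "SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem\n"
        "SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem\n"
    )
    sizes = {"/etc/letsencrypt/live/example.org/fullchain.pem": 2}
    for banner in ("Apache/2.4.7", "Apache/2.4.8"):
        print(banner, audit_vhost(sample, banner, sizes.get))
```

On a real server, pass the output of `apache2 -v` as `banner` and leave `count` at its default so the certificate files named in the vhost are read from disk.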

#3

Apache/2.4.7

I’ll update the addresses.


#4

Seems to have worked with these addresses. I’ll update the other websites, thank you.