TL;DR: Cert installed. When checked, I’m informed that “the server’s certificate chain is incomplete. Grade capped to B”. How to get grade A?
I had some problems with setting up a cert for a domain using LE (I’d reached my weekly limit…) so I tried using SSLForFree (which uses LE) and managed to get ‘another roll of the dice’ (I was allowed to create one cert).
I now have the following files
-rw-r--r-- 1 root root 1646 Aug 10 18:43 ca_bundle.crt
-rw-r--r-- 1 root root 1930 Aug 10 18:43 certificate.crt
-rw-r--r-- 1 root root 1703 Aug 10 18:43 private.key
Two files are successfully installed following instructions at SSLForFree:
The server/cert works but on checking with SSLLabs, I get the following message:
This server’s certificate chain is incomplete. Grade capped to B.
The Grade B status produces warning messages in some browsers which I want to avoid.
What do I need to do to get the cert to pass at Grade A? Do I need to concatenate the .crt files and .key to form .pem files? What needs to be concatenated with what to create the standard set of three LE files as follows:
Many thanks in advance.
- My web server is: Apache/2.2.15 (Unix)
- The operating system my web server runs on is: Centos 6
- My hosting provider: self-hosted
- I can login to a root shell on my machine: yes
- I’m using a control panel to manage my site: no
- The version of my client is: certbot 0.37.1