I'm using Tomcat on my backend and I got four files after using letsencrypt:
sudo ./letsencrypt-auto certonly
I got:
cert.pem, chain.pem, fullchain.pem, privkey.pem.
Then, in order to create a keystore for Tomcat, I used the following commands:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
And after that:
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore MyDSKeyStore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat
I've put MyDSKeyStore.jks into the Tomcat .keystore file. The application loads OK, but the problem appears when I try to run
openssl s_client -connect host:port
giving me:
CONNECTED(00000003)
depth=0 CN = bla.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = bla.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = bla.com
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:/CN=bla.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
The problem also happens when the Facebook webhook tries to send a GET request to my app, giving the error:
The request sent to your callback URL failed with the following error:
Callback verification failed with the following errors: curl_errno = 60; curl_error = SSL certificate problem: unable to get local issuer certificate; HTTP Status Code = 200; HTTP Message = Connection established
So how do I resolve the problem?
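
An added illustration, not part of the original question: `openssl pkcs12 -export` stores only the certificates found in the `-in` file unless `-chain` is also given, so an export from cert.pem carries the leaf alone, which matches the single entry in the `s_client` chain listing above. The script compares that export with one from fullchain.pem; the certificates are constructed throwaway material (a self-signed stand-in for the intermediate) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed test material.

# make_demo_pki DIR: create cert.pem, chain.pem, fullchain.pem and privkey.pem
# in DIR, mirroring the four file names from the question.
make_demo_pki() {
    d=$1
    # Constructed stand-in for the intermediate CA (self-signed for brevity).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Intermediate" \
        -keyout "$d/ca.key" -out "$d/chain.pem" 2>/dev/null
    # Leaf key and CSR, then a leaf certificate issued by the stand-in CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bla.example" \
        -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
    cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

# export_p12 DIR INPUT_PEM OUT: the export command from the question,
# with only the -in file varying.
export_p12() {
    openssl pkcs12 -export -in "$1/$2" -inkey "$1/privkey.pem" \
        -out "$1/$3" -name tomcat -CAfile "$1/chain.pem" -caname root \
        -passout pass:password
}

# count_p12_certs FILE: number of certificates stored in the PKCS#12 file.
count_p12_certs() {
    openssl pkcs12 -in "$1" -nokeys -passin pass:password 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    export_p12 "$d" cert.pem leaf_only.p12
    export_p12 "$d" fullchain.pem with_chain.p12
    echo "from cert.pem:      $(count_p12_certs "$d/leaf_only.p12") certificate(s)"
    echo "from fullchain.pem: $(count_p12_certs "$d/with_chain.p12") certificate(s)"
    rm -rf "$d"
}
demo
```

The same count can be taken on a real cert_and_key.p12 before it is imported with keytool; a keystore entry built from a one-certificate PKCS#12 file can only present the leaf to clients.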