Hi,
I generated a certificate via https://gethttpsforfree.com/ because I only use a webhosting service and have no access to the server itself.
It works fine on all my computers, but my mobile devices show the untrusted error. I tested Android 5 and 6 Chrome and iOS 9 safari.
The let’s encrypt helloworld works fine.
I analysed the certificate via https://www.ssllabs.com/ssltest/analyze.html and is tells me “This server’s certificate chain is incomplete”. Might this be the problem? How can I fix this?
Any ideas what went wrong?
Thank you very much for helping a ssl newbe.
Depending on your webserver software you either need to:
Include chain.pem in your <VirtualHost> section in a SSLCertificateChainFile directive (for Apache version < 2.4.8);
Refer to fullchain.pem (in stead of the cert.pem stated now) in your <VirtualHost> section in the SSLCertificateFile directive (for Apache version 2.4.8 or above);
For nginx: do something with either chain.pem of fullchain.pem, but I have no experience with nginx.
Although this is all refering to the official client. Did gethttpsforfree.com provide you with something called the Intermediate certificate (chain.pem)? If it didn’t provide something like “fullchain.pem”, you can make it yourself by just concatenating cert.pem (the “certificate” gethttpsforfree.com gave you) and chain.pem (the intermediate certificate) together and call it fullchain.pem.
gethttpsforfree.com provides both and I concatenated the certificate and the intermediate and posted it in the CA-part of my hosting-ssl-manager. Now it works perfectly. Thank you very much!