I run this website:
Everything works well.
I tried to integrate a shop in it.
Paypal: Was not able to make the Webhooks or IPN works.
Stripe: Didn't even accept my website adress: "SSL certificate is not valid"
So i tested this:
here they say:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.
At this point i don't know what to do, should i do something with certbot or get an intermediate certificate somewhere ?
Since you gave us no information about how you got or installed the certificate, neither do we. But the test you did was correct; your site is not serving the intermediate signing certificate. You don't need to do anything with certbot to get it (you already have it), but you do need to tell your web server to use it. Depending on your web server and version, this could mean using
fullchain.pem rather than
cert.pem, or using
chain.pem in addition to
how you got or installed the certificate
I got it with :certbot certonly --standalone --preferred-challenges
I don't know what you mean by installed, but as i use apache i made two lines in my conf file like that:
That's all i do to make it work if i remember well.
Did i miss something with the install part ?
I don't understand what you mean by :
but you do need to tell your web server to use it
Clearly you don't remember well, or you wouldn't be having this problem. Once again (for the third time now, since SSLShopper already told you this), your site needs to serve the intermediate signing certificate, which you already have in the
chain.pem file. Consult the docs for your version of Apache to find how to do that.
cert.crt and privkey.key
Look like it works.
I can confirm that you have implemented the correct solution given that your Apache version is at least 2.4.8.
From mod_ssl - Apache HTTP Server Version 2.4 :
The files may also include intermediate CA certificates, sorted from leaf to root. This is supported with version 2.4.8 and later, and obsoletes SSLCertificateChainFile.
The file extensions are technically irrelevant though some webservers might take them as cues about the format of the contents.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.