Upload cert to host

Hello,

I am attempting to upload my LE SSL Certificate to a hosting provider.

This is the portal that they provide for upload:

To me the form seems simple ... but they consistently insist that I am uploading an invalid certificate.

So, I need to ask if the "CA Bundle" is relating to the file 'chain.pem' or 'fullchain.pem'?

Any ideas? Thanks in advance!

2 Likes

Welcome Back to the Let's Encrypt Community :slightly_smiling_face:

fullchain.pem = cert.pem + chain.pem

For CA Bundle use chain.pem. If that doesn't work, for CA Bundle use only the first certificate in chain.pem. If that doesn't work, come back and I'll guide you further.

1 Like

Ok, I don't think I have tried this yet, so I will give it a try. Thanks!

I have tried using the cert.pem and fullchain.pem files for the "SSL Cert" field and the fullchain.pem file for the "CA Bundle" so far.

1 Like

For the SSL Certificate, use only cert.pem.

2 Likes

If it complains about needing to include the root certificate in the CA Bundle, for the CA Bundle use the first certificate in chain.pem followed by this certificate:

https://letsencrypt.org/certs/isrgrootx1.pem

1 Like

``Important

In order to install your SSL Certificate you will also need the SSL Certificate of the Certificate Authority (i.e the CA bundle). The CA bundle contains root and intermediate certificates of the CA```

1 Like

Yep. Follow my last post and you should be golden.

1 Like

Awesome! I will let you know in a couple of days.

They INSIST that it takes 48 hours for SSL certificates to 'propagate' once installed. WTF? lol.

2 Likes

I constructed the CA Bundle for you :slightly_smiling_face:

cabundle.pem (3.7 KB)

This is the same file that you would get from following my last set of instructions.

2 Likes

Maybe if they're a very slow CDN. :upside_down_face:

1 Like

Wow awesome!

Nah, they just don't know how to do anything off-script. Gotta hate scripted support these days! :frowning:

2 Likes

We're script-free here at LE.

:stuck_out_tongue_winking_eye:

We're also paycheck-free as well.

:thinking:

5 Likes

However, we do like scripting and we really hate manual certificate installation :wink:

@alento Note that your provider has some silly requirements. At least, the root certificate isn't really necessary and only increases the data required for the TLS handshake and thus a little bit slower. They must have their reasons :roll_eyes: I don't know if it are good ones though :wink:

2 Likes

I think they're just using the root certificate to verify the intermediate certificate. I don't think they're actually serving the root certificate. I could be wrong, but that's the pattern I've seen with some other hosting providers.

2 Likes