Honestly, not sure if my problem is permissions or what.
I have a program I'm running that people can connect to. When I disable SSL in the programs options it works fine. If I enable SSL no one can connect to it. I obtained certificates using this command: sudo certbot certonly --email tuckerhoog@tutanota.com \ --webroot --webroot-path /usr/local/share/webapps/letsencrypt/ \ -d play.atavismxi.com
I point the program to those certificates in its config file like this: https://i.postimg.cc/ZRnNJv16/Screenshot-from-2021-08-21-16-34-21.png
So not sure why connections to server don't work with SSL enabled.
Unfortunately, it seems the software you're using (which software is it anyway?) doesn't handle the fullchain.pem the correct way: it only uses the top certificate (which is the end leaf certificate) and ignores the intermediate certificate(s). This can and probably will lead to errors in the clients connecting to the service.
However, I'm not sure how the software you're using (again, no idea which software it is..) can be configured to use the intermediate certificate(s).
Well it works now. I feel silly but whatever it works. Was just a port issue. I changed a bunch of permissions for my user to access the certs. Not sure if that was necessary now or not. You're the second person to tell me it doesn't use intermediate certificates. So not sure what that means exactly.
User certificates nowadays are never directly signed by the root certificates which are present in browsers or other clients and are trusted by those browsers/clients. There is one (or more) certificate(s) between the root certificate and the user certificated, called intermediate certificate(s). If the server doesn't send the intermediate certificate used to sign the user certificate, clients can have a hard time building a so called "chain" of certificates to one of the trusted root certificates. If they can't build a trusted chain, the user certificate will be judged as un-trusted.
You can see the certificates used by Let's Encrypt here:
Note that fullchain.pem embeds all the required intermediate certificates. But for some reason the software you're using doesn't use the intermediates in that file.
I hate to point out the somewhat obvious (or do I?).
But did you read (and understand) lines 70-73 ?
It might be exactly how to resolve this lack of chain problem.