Hi,
After struggling for a while, I finally got LE to issue the certificates I wanted, but they don’t seem to validate. That is if I run “openssl s_client -connect dw.cameron.edu” I get a the following.
CONNECTED(00000003)
depth=1 /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/CN=dw.cameron.edu
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISA3IJLHapbQWvNnqwk46qVndpMA0GCSqGSIb3DQEBCwUA
...
tHGuYeY0sds6FK7jWPq2XTsGjC/vTvSJpC/JcLwrN9pZPTIb
-----END CERTIFICATE-----
I’m working with an Apache 2.2.3 server. When the certs were generated, I received four files cert1.pem, chain1.pem, fullchain1.pem, and privkey1.pem. The private key was easy to install. My server has ca.pem file that holds the certificate chain and a localhost.crt file that holds the certificate. I have tried installing the cert two different ways (well, actually as many ways as I can think of, but these are the main ones). I copied the fullchain1.pem file over to the ca.cert file and removed the bottom cert and moved it into the localhost.crt file. That didn’t work. I also tried copying the chain1.crt into ca.pem and cert1.pem into localhost.crt. The Apache setting are below.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateChainFile /etc/pki/tls/certs/ca.pem
Why can’t my server validate these certs?
Thank you.



