Valid SSL cert is valid in chrome but not in Firefox

Ok so my issue is: I have my main domain, kevswoodworks.com. I don't really need that SSL but I will in the future. Then I have my store which is the subdomain listed below, and i used the same cert request as i did for my forum.kevswoodworks.com and it comes across as valid on all browsers. So with that being a success I rush to the stores Virtual server through Virtualmin pro version 6.14 Pro and I request a certificate. Comes back as success! then I go on chrome... works fine. go on firefox and it says this website is not safe would you like to continue. Why does the exact same process work for the first subdomain and not the second? So I thought: Ok, I will go and remove it and request another one, maybe some files are missing. Nope, still the same issue.

My domain is: Store.kevswoodworks.com

I ran this command:requested new cert through virtualmin

It produced this output:successful

My web server is (include version): Built by me:
Intel(R) Xeon(R) CPU E3-1245 v6 @ 3.70GHz, 8 cores
Linux 3.10.0-1160.6.1.el7.x86_64 on x86_64
1.88 GiB used / 923.04 MiB cached / 30.84 GiB total
9.38 GiB used / 10.34 TiB free / 10.35 TiB total
The operating system my web server runs on is (include version):CentOS Linux 7.9.2009

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.962

1 Like

Hi @cshor28,

Yes, it appears that your store subdomain is not properly configured with SSL. It is missing the intermediate certificate in the certificate chain. This would cause problems for certain browsers and devices.

Your main domain and forum subdomain have their certificate chains correctly configured.

This might actually be a bug in Virtualmin. Let's Encrypt recently updated it's issuer certificate from "Let's Encrypt Authority X3" to "R3". It looks like Virtualmin might be hardcoding the older X3 for all Let's Encrypt certificates in some cases:

I would reach out to Virtualmin about this, via https://forum.virtualmin.com or via their support if you have a support contract.

3 Likes

Welcome to the Let's Encrypt Community, Collin :slightly_smiling_face:

Here is the correct full chain (your certificate and the intermediate certificate):
fullchain.pem (3.5 KB)


@_az

I had literally just confirmed the missing intermediate and was hitting post when your post dropped. :upside_down_face:

1 Like

Ok so between yesterday and today I have added a cert to the main site Kevswoodworks.com same issue... however I tried a cert from Name.com through rapidssl and added that along with the intermediate. went in firefox. still invalid even though you view the cert everything is there... like WTF webmin? also Why is forum.kevswoodworks.com working where the store is not the forum is secure on every browser and "safe" however the store literally through the same software and acquisition of the cert is not? I'm at a loss here. are you saying that Virtualmin/Webmin does not support R3 and is hard coded with X3? and if so then why is the forum working correctly? I mean I'm talking maybe 2 weeks between adding the forums ssl and then I added the stores after I saw everything working properly... then it didn't.

1 Like

It's not the certificate that's causing store.kevswoodworks.com to appear insecure. That's fixed now (by serving the full chain). It's the mixed content that's causing store.kevswoodworks.com to appear insecure. When you reference resource files (fonts, images, movies, etc.) in your webpage, you need to make sure that their addresses begin with https.

Use this to check store.kevswoodworks.com (and your other (sub)domains):

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.