I’m sorry, but I’m entirely new at SSL certificates with Let’s Encrypt, and I do not know what a certificate chain is or how to change it.
I do know how to view the details of a certificate in Safari and Chrome, but I’m not sure what to look for, or where to look for what is weird vs normal.
I tried googling and there are 10k+ articles but they all seem to presume I know what I’m looking for and just need to know how to get to each certificate on each computer.
Thank you for the information. I knew there had to be a tool like that out there, but I failed to find any.
Here is my vHost file
<VirtualHost 127.0.0.1:34543>
ServerName https://files.luo.ma:443
ServerAdmin admin@example.com
DocumentRoot "/Volumes/Media/Dropbox/Sites/files.luo.ma"
DirectoryIndex index.html index.php default.html
CustomLog /var/log/apache2/access_log combinedvhost
ErrorLog /var/log/apache2/error_log
<IfModule mod_ssl.c>
SSLEngine Off
SSLCipherSuite "HIGH:MEDIUM:!MD5:!RC4:!3DES"
SSLProtocol -all +TLSv1.2
SSLProxyEngine Off
SSLCertificateFile "/etc/certificates/files.luo.ma.33D315BF61ACBBD4068903DDC376DA7E44288693.cert.pem"
SSLCertificateKeyFile "/etc/certificates/files.luo.ma.33D315BF61ACBBD4068903DDC376DA7E44288693.key.pem"
SSLCertificateChainFile "/etc/certificates/files.luo.ma.33D315BF61ACBBD4068903DDC376DA7E44288693.chain.pem"
SSLProxyProtocol -all +TLSv1.2
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
</IfModule>
<IfModule mod_secure_transport.c>
MSTEngine Off
MSTCipherSuite HIGH, MEDIUM
MSTProtocolRange TLSv1.2 TLSv1.2
MSTProxyEngine On
MSTIdentity SHA-256:b0f7e479d45ff737c8b363d7c58d38700b3d3725b2940838c22877d09c39abcb:"files.luo.ma"
MSTProxyProtocolRange TLSv1.2 TLSv1.2
</IfModule>
<Directory "/Volumes/Media/Dropbox/Sites/files.luo.ma">
Options All -Indexes -ExecCGI -Includes +MultiViews
AllowOverride All
<IfModule mod_dav.c>
DAV Off
</IfModule>
<IfDefine !WEBSERVICE_ON>
Require all denied
ErrorDocument 403 /customerror/websitesoff403.html
</IfDefine>
</Directory>
</VirtualHost>
I have to admit that until I searched it out, I have never actually seen this file. It must have been generated by the Server.app on macOS, but I assume that I can edit this as needed.
I’m also assuming there’s no confidential information here or anything. I really wish I understood this better.
Thanks for your time and patience. I am pleased to learn more about this, especially as Apple moves to deprecate its server functionality.
duplicated. "key" is your private key, that's ok (don't share the content of that file).
cert.pem is normally your own certificate. Looks like chain.pem contains your own, the Letsencrypt and the root certificate.
Share the content or check, if there are three certificates. If yes, remove the last (that's the root) and use that file as "SSLCertificateFile", remove the "SSLCertificateChainFile".