Why isn't my certificate trusted?


#1

I have ran the client ./letsencrypt-auto certonly
then edited the nginx config file like the following.

Unfortunately when I restarted the server I was getting an error telling me that the certificate is not trusted.


#2

Use fullchain.pem as your ssl_certificate as well as your ssl_trusted_certificate.


#3

Same


#4

tried running site through https://dev.ssllabs.com/ssltest/index.html tests ?


#5

Are you using the latest version of the client? Are you using any --server flag when running the client? Did you reload nginx after changing the cert?

Also https://dev.ssllabs.com/ssltest/analyze.html?d=raed.it&hideResults=on&latest says your cert is fine. The only thing wrong is that your cert is valid for www.raed.it, but not raed.it. You should really have TLS on both.


#6

Yes but I can’t figure out the problem (may be a WWW redirect problem ?)


Yes just cloned the client
No I didn’t use the --server flag
Yes I did reload nginx


#7

^ that’s probably the problem


#8

It is a redirect problem. You’re allowing connections on https://raed.it (not explicitly, I know, but trust me, you are), and your cert isn’t valid for https://raed.it.


#9

[quote=“Leliana, post:8, topic:5547, full:true”]
It is a redirect problem. You’re allowing connections on https://raed.it (not explicitly, I know, but trust me, you are), and your cert isn’t valid for https://raed.it.
[/quote] ah ha nice catch @Leliana


#10

This is probably true.

If it is not much of problem, can you check my old config and suggest where/what to edit ?

http://pastebin.com/2UpCaSyC