Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: *.gedmatch.com
I ran this command: openssl verify fullchain.pem
It produced this output:
fullchain.pem: CN = *.gedmatch.com
error 20 at 0 depth lookup:unable to get local issuer certificate
My web server is (include version): pound V2.6
The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS
My hosting provider, if applicable, is: aws
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I have been successful in setting up single certificates on pound and apache - but having issues with setting up wildcard certs on pound. I was able to create the cert using dns text.
When I installed it in pound it did not work.
I then tried to verify the certificate with openssl and am getting the error about not being able to get the local issuer.
In doing search on web I found that there may be an issue with the CA certificate in /etc/ssl/certs - related to IdenTrust - I have 2 dated 9/27/2017 IdenTrust_Commercial_Root_CA_1.pem and IdenTrust_Public_Sector_Root_CA_1.pem.
I discovered that attempting to validate the working certs for apache I the same error.
I would like a way to verify the wildcard certificate before I attempt to install it again.
Is there a root CA different for Let’s encrypt than the idenTrust one?