"Your connection is not private" on Chrome 47


#1

Hi.

Two days ago I got my private key using Let’s Encrypt for my site https://snakify.org/. For the first day, it worked well, but since today my Chrome 47.0 (Mac OS X 10.11.1) and a number of other browsers are complaining about my certificates. See the screenshot:

Could you help me to fix that?


#2

It’s probably not the reason for the error in Chrome (but can’t hurt to fix and try), but you should instruct your webserver to also serve the intermediate certificate (chain.pem) to the browser. See your results @ SSLLabs: “This server’s certificate chain is incomplete. Grade capped to B.”

Chrome should be able to download the intermediate certificate, but perhaps something went wrong in that process.


#3

That’s your last problem, the report also says:

This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server's certificate chain is incomplete. Grade capped to B.

Maybe fix them too if you are at it.

Follow this: https://weakdh.org/sysadmin.html


#4

If you don’t mind some ancient clients not being able to connect, you also could disable non-ECC DHE altogether. Performance-wise DHE is a pain in the …

(And SSLv3 of course…)


#5

Thank you guys. I fixed the problem. It was exactly about serving fullchain.pem. In my Nginx config I changed

    ssl_certificate     /etc/letsencrypt/live/snakify.org/cert.pem;

to

    ssl_certificate     /etc/letsencrypt/live/snakify.org/fullchain.pem;
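
A small audit for the two server-side findings raised in this thread (a leaf-only `ssl_certificate` and SSLv3 left enabled), added here as an illustration and not posted by any participant. The function names, the sample config and its `example.org` paths are constructed for the example; `ssl_protocols` is the standard nginx directive, and the `cert.pem`/`fullchain.pem` naming follows the Let's Encrypt layout shown in #5.

```python
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
DIRECTIVE = re.compile(r"^\s*(ssl_certificate|ssl_protocols)\s+([^;]+);", re.M)

def count_certs(pem_text):
    """Number of certificates in a PEM bundle (1 = leaf only, no chain)."""
    return len(PEM_CERT.findall(pem_text))

def audit(nginx_conf, read_file=None):
    """Return findings for the TLS directives in nginx_conf.

    read_file(path) -> str is optional; when given, the bundle named by
    ssl_certificate is read and its certificates are counted.
    """
    findings = []
    # Drop comments so commented-out directives are not reported.
    conf = re.sub(r"#[^\n]*", "", nginx_conf)
    for name, value in DIRECTIVE.findall(conf):
        value = value.strip()
        if name == "ssl_certificate":
            if read_file is not None:
                if count_certs(read_file(value)) < 2:
                    findings.append(f"{value}: leaf certificate only, no intermediate")
            elif value.endswith("/cert.pem"):
                # Let's Encrypt layout: cert.pem = leaf, fullchain.pem = leaf + chain
                findings.append(f"{value}: use fullchain.pem so the chain is served")
        elif name == "ssl_protocols" and "sslv3" in value.lower().split():
            findings.append("ssl_protocols enables SSLv3 (POODLE)")
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.org/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Passing `read_file` makes the check count the certificates in the bundle itself instead of relying on the file name.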

#6

I have been able to resolve this issue on our site https://edupediapublications.org/

I had installed two SSL, one on bare edupediapublications.org and the other on www.edupediapublications.org.
After uninstalling from one, say the one with www, then refreshing DNS and cleaning the cache,

I can enjoy the Free SSL of Let’s Encrypt.