Firefox Letsencrypt Issue

Discussion in 'General' started by nathansmonk, Jul 27, 2016.

  1. nathansmonk

    nathansmonk New Member

    I've installed letsencypt and done the following to symlink to the files:

    # Change into the directory of your sites SSL files.
    # You will need to update the site name to that of the site created in ISPconfig.
    cd /var/www/
    # Remove all existing files.
    # you should take a backup of these files before this command.
    rm -r ./*
    # Now create the symlink.
    # You will need to update the site domain for this to work for your new site.
    ln -s /etc/letsencrypt/live/
    ln -s /etc/letsencrypt/live/
    ln -s /etc/letsencrypt/live/
    But in firefox I get the following error: uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.

    Has anyone come across this before and know how to resolve it?
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The symlinks look correct for the filenames/types. Can you access other sites in firefox using letsencrypt certificates without error?

    Also what version of ispconfig are you running? 3.1 (now in beta) has letsencrypt support built in, with no need to manually setup any certs/links.
  3. nathansmonk

    nathansmonk New Member
    The built in SSL isn't going to work for me, as the site in question is actually a wordpress multisite, so I add all domains to the one cert as in ISPconfig, it is classed as one site, whereas in reality it is lots.


    I think it might be something to do with not sending the fullchain/intermediate?
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Make sure your webserver config for the vhost does point to the .bundle file. Maybe make sure the certificate store on your server's OS is up to date. You can use the openssl client to connect to the web server and see what certificates it's sending (or there are probably web-based sites that will connect to your server and explain what it's getting .. I don't know know any by name offhand, but I think I've seen them)

Share This Page