Some sites missing letsencrypt intermedaite certyficate for no reson

Discussion in 'ISPConfig 3 Priority Support' started by Patryk Marek, Mar 23, 2020.

  1. Patryk Marek

    Patryk Marek New Member

    Had any one issue like this most of sites SSL chain is ok but for alt least 2 i found already missing intermediate certyficate.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The intermediate cert is in the certificate file, it's not a separate file anymore in recent apache versions. Take care that you looked into the right file. And the files are created by certbot, not ISPConfig.
     
  3. Patryk Marek

    Patryk Marek New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    First, check if the intermediate SSL cert is included in the SSL crt file. If that's the case, then check in a real browser, not an SSL tester. Results from SSL test sites are not always correct, so don't worry if they show sites unless you get the same error in a browser.
     
  5. Patryk Marek

    Patryk Marek New Member

    Ok how do i test this ? can you guide me how to do it?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I just checked your ssl cert for you, the cert of that site is valid and it also has the correct full certificate chain.

    2020-03-23 09_58_46-Zertifikat.png
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Click on the SSL icon in the URL bar of the browser, open the SSL details and check the cert chain.
     
  8. Patryk Marek

    Patryk Marek New Member

  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Check it in your browser. Your users are using a web browser to browse your site and not an SSL tester. And if you don't believe me and your web browser, then read the apache documentation yourself to see that chain certs belong into the crt file now and then check the crt file to see if LE has added the chain cert there or not. How many customers did you have that told you that they can't browse your site due to an SSL error?
     
    ganewbie likes this.

Share This Page