Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Discourse Setup Error - Easy setup is not so easy? Question Question
I know it is obvious but after a Windows installation - how do I use Docker? Question Question

Question

SSL chain incomplete

Posted October 17, 2021 92 views
Docker

We have a reverse-proxy service on our page onradr.com, where we installed the our certificates with the certbot.

Now, when we test our certificates on https://www.ssllabs.com/ssltest it says that the SSL chain is incomplete. Moreover the Chrome and Safari Browsers on iOS won’t accept our new certificate (we updated all our certificates after the LetsEncrypt Root-Certificate changed. Before our certificates did fine).

I found this post on SO:
https://stackoverflow.com/questions/39471580/ssl-chain-incomplete/39471719
…which exactly describes our problem. We did change the cert.pem to fullchain.pem in our configuration with no luck.

Add a comment
maki3000
By:
maki3000

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Discourse Setup Error - Easy setup is not so easy? Question Question
I know it is obvious but after a Windows installation - how do I use Docker? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev October 18, 2021

Hi there,

Did you restart Nginx after you made the configuration change?

First, make sure to run a config test with:

sudo nginx -t

And only if you get Syntax OK then restart the service: 

sudo systemctl restart nginx

Also, I would recommend checking the /etc/letsencrypt/live/your_domain.com/ to verify that the full chain file is in there.

Let me know how it goes.
Best,
Bobby

Reply Report
  • maki3000 October 21, 2021

    Hey Bobby,

    Thank you very much for your answer.

    We didn’t really do the changes proposed in the SO post, as we didn’t had a proper overview of our configuration files :)

    Now we changed:

    certificate /etc/letsencrypt/live/onradr.com/cert.pem

    to:

    certificate /etc/letsencrypt/live/onradr.com/fullchain.pem

    in the right place and it worked.

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help