Question

SSL chain incomplete

We have a reverse-proxy service on our page onradr.com, where we installed the our certificates with the certbot.

Now, when we test our certificates on https://www.ssllabs.com/ssltest it says that the SSL chain is incomplete. Moreover the Chrome and Safari Browsers on iOS won’t accept our new certificate (we updated all our certificates after the LetsEncrypt Root-Certificate changed. Before our certificates did fine).

I found this post on SO: https://stackoverflow.com/questions/39471580/ssl-chain-incomplete/39471719 …which exactly describes our problem. We did change the cert.pem to fullchain.pem in our configuration with no luck.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi there,

Did you restart Nginx after you made the configuration change?

First, make sure to run a config test with:

sudo nginx -t

And only if you get Syntax OK then restart the service:

sudo systemctl restart nginx

Also, I would recommend checking the /etc/letsencrypt/live/your_domain.com/ to verify that the full chain file is in there.

Let me know how it goes. Best, Bobby