Question

SSL chain incomplete

Posted October 17, 2021 92 views
Docker

We have a reverse-proxy service on our page onradr.com, where we installed the our certificates with the certbot.

Now, when we test our certificates on https://www.ssllabs.com/ssltest it says that the SSL chain is incomplete. Moreover the Chrome and Safari Browsers on iOS won’t accept our new certificate (we updated all our certificates after the LetsEncrypt Root-Certificate changed. Before our certificates did fine).

I found this post on SO:
https://stackoverflow.com/questions/39471580/ssl-chain-incomplete/39471719
…which exactly describes our problem. We did change the cert.pem to fullchain.pem in our configuration with no luck.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

Did you restart Nginx after you made the configuration change?

First, make sure to run a config test with:

sudo nginx -t

And only if you get Syntax OK then restart the service:

sudo systemctl restart nginx

Also, I would recommend checking the /etc/letsencrypt/live/your_domain.com/ to verify that the full chain file is in there.

Let me know how it goes.
Best,
Bobby

  • Hey Bobby,

    Thank you very much for your answer.

    We didn’t really do the changes proposed in the SO post, as we didn’t had a proper overview of our configuration files :)

    Now we changed:

    certificate /etc/letsencrypt/live/onradr.com/cert.pem
    

    to:

    certificate /etc/letsencrypt/live/onradr.com/fullchain.pem
    

    in the right place and it worked.