Let's Encrypt SSL Certificate
We recently received a free SSL certificate from Let's Encrypt. We received it using the VMBitrix 7.2 virtual machine. We started testing it on devices: in some mobile browsers a warning about an unsafe site appeared, and in some cases the site did not open at all (on the iPhone it does not start; the error is attached). Are there any solutions to this problem?
I attach a screenshot.
1
Author: Дух сообщества, 2018-08-08
1 answer
One of the possible problems is that the server is not configured correctly and does not give the intermediate certificate.
# yoursite.com - your domain
echo | openssl s_client -connect yoursite.com:443 -servername yoursite.com 2>/dev/null | awk '/Certificate chain/,/---/'
Incorrect answer
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
Correct answer
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
The solution in this case is to use fullchain.pem instead of cert.pem, an example for nginx:
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem;
2
Author: diproart, 2018-08-11 08:19:58
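The check described in the answer above can be automated. This is an added example, not part of the original answer: the function name check_chain and the two sample functions are made up for illustration, and the samples are constructed from the two outputs shown in the answer. It reads openssl s_client output and reports whether the server sent only the leaf certificate.

```sh
#!/bin/sh
# Added example (not from the original answer): classify the
# "Certificate chain" block that openssl s_client prints.
check_chain() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
        in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n - 1] = $0 }
        END {
            if (n == 0) { print "no-chain"; exit }
            # Every certificate must be issued by the next one the server sent.
            for (k = 0; k < n - 1; k++)
                if (iss[k] != subj[k + 1]) { print "misordered at " k; exit }
            # A lone, non-self-signed leaf means the intermediate was not sent.
            if (n == 1 && iss[0] != subj[0]) { print "incomplete: missing " iss[0]; exit }
            print "ok: " n " certificates"
        }'
}

# Constructed samples, copied from the two outputs shown in the answer.
sample_leaf_only() { cat <<'EOF'
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
EOF
}

sample_full() { cat <<'EOF'
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
EOF
}

sample_leaf_only | check_chain   # server configured with cert.pem
sample_full | check_chain        # server configured with fullchain.pem
# Against a live server, pipe the command from the answer into the function:
# echo | openssl s_client -connect yoursite.com:443 -servername yoursite.com 2>/dev/null | check_chain
```

A verdict of "incomplete" names the issuer the server failed to send, which is the certificate that clients without a cached intermediate cannot find.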