Let's Encrypt SSL Certificate

We recently received a free SSL certificate from Let's Encrypt. We received it using the VMBitrix 7.2 virtual machine. We started testing it on devices: in some mobile browsers a warning about an unsafe site appeared, and in some cases the site did not open at all (on the iPhone it does not start; the error is attached). Are there any solutions to this problem?

I attach a screenshot.

Error displaying the site on the iPhone

Author: Дух сообщества, 2018-08-08

1 answer

One of the possible problems is that the server is not configured correctly and does not give the intermediate certificate:

# yoursite.com - your domain
echo | openssl s_client -connect yoursite.com:443 -servername yoursite.com 2>/dev/null | awk '/Certificate chain/,/---/'

Incorrect answer

 Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 ---

Correct answer

 Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 ---

The solution in this case is to use fullchain.pem instead of cert.pem, an example for nginx:

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem;
Author: diproart, 2018-08-11 08:19:58
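A scripted version of the check in the answer above, as an added example that is not part of the original answer: it classifies the `Certificate chain` section of `openssl s_client` output as leaf-only (intermediate not sent) or chain-sent. The function names `chain_status` and `check_host` are assumptions, and the two sample outputs are constructed from the ones shown in the answer.

```shell
#!/bin/sh
# Classify the "Certificate chain" section printed by `openssl s_client`.
# It reports only what the server sent; it does not validate the chain.
chain_status() {
    awk '
        /Certificate chain/ { in_chain = 1; next }
        in_chain && /^[ \t]*---/ { exit }
        # Subject line of each presented certificate, e.g. " 0 s:/CN=..."
        in_chain && /^[ \t]*[0-9]+[ \t]+s:/ {
            n++; sub(/^[ \t]*[0-9]+[ \t]+s:/, ""); subj = $0; next
        }
        # Issuer line that follows it
        in_chain && /^[ \t]*i:/ { sub(/^[ \t]*i:/, ""); issuer = $0 }
        END {
            if (n == 0) print "no-chain"                          # no chain section seen
            else if (n == 1 && subj != issuer) print "leaf-only"  # intermediate missing
            else print "chain-sent"
        }
    '
}

# Live check against a host (hypothetical helper; needs network access).
check_host() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null | chain_status
}

# Constructed sample: server configured with cert.pem only.
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
EOF
}

# Constructed sample: server configured with fullchain.pem.
sample_full_chain() {
cat <<'EOF'
Certificate chain
 0 s:/CN=yoursite.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
EOF
}

echo "cert.pem only: $(sample_leaf_only | chain_status)"
echo "fullchain.pem: $(sample_full_chain | chain_status)"
```

To test a real server after reloading nginx, call `check_host yoursite.com`; `leaf-only` means the intermediate is still not being served.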