LetsEncrypt - SSL certificate is not valid

  • Thank you for your reply, Zakaria.
    I did not change anything yet for fixing it beforehand, if you presumed I did, please let me know what steps I have to do first.

    I tried to follow your instructions.

    So I log into my server with Putty and type:

    Code
    openssl verify -CAfile chain1.pem cert1.pem


    Result comes out:

    Code
    Error loading file chain1.pem

    What did I do wrong?

  • You need to find your SSL bundle, including a chain file for the CA, a private key and a certificate. Sometimes they are provided in one combined file, but on your server you will find the bundle in the /etc/letsencrypt/archive/[yourdomainame] directory if you used certbot. Otherwise, find out who your SSL provider is and where they store the SSL bundle files, and use them to verify the certificate with openssl.

    The error message is saying it couldn't find the chain1 file, which should be in the directory stated above if you used certbot.

    Code
    Error loading file chain1.pem


    Also, make sure to use

    Code
    dos2unix combined_chain1.pem

    to clear the chain file of the DOS-formatted (^M) blue carriage return characters that I observed in the first cross-signed root cert when I combined the chain.

    If you don't have unix2dos installed, since it no longer comes prebuilt in distros, use


    Code
    yum install unix2dos


    Good luck.

    Edited 2 times, last by zakaria93 ().
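
The checks discussed in this thread, gathered into one script as an added example (not code from any poster or from the plugin): it reports an unreadable file and DOS line endings separately before running the same openssl verify command. The function names and exit codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# cert1.pem / chain1.pem and the archive path are the ones named above.

# pem_has_cr FILE: succeeds if FILE contains carriage returns (DOS line endings).
pem_has_cr() {
    [ -r "$1" ] && grep -q "$(printf '\r')" "$1"
}

# check_bundle DIR [CERT] [CHAIN]
# Returns 0 if the certificate verifies, 2 if a file is missing or unreadable,
# 3 if a file has DOS line endings, 4 if openssl verify rejects the certificate.
check_bundle() {
    cb_cert=$1/${2:-cert1.pem}
    cb_chain=$1/${3:-chain1.pem}
    for cb_f in "$cb_cert" "$cb_chain"; do
        if [ ! -r "$cb_f" ]; then
            echo "cannot read $cb_f: wrong directory, or root needed?" >&2
            return 2
        fi
    done
    for cb_f in "$cb_cert" "$cb_chain"; do
        if pem_has_cr "$cb_f"; then
            echo "$cb_f has carriage returns: run dos2unix on it first" >&2
            return 3
        fi
    done
    # Same command as in the thread, with full paths.
    openssl verify -CAfile "$cb_chain" "$cb_cert" || return 4
}

# Demo on constructed files (placeholder bodies, not real certificates):
# the chain was saved with CRLF line endings, the certificate was not.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/cert1.pem"
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/chain1.pem"
check_bundle "$demo" || echo "check_bundle exit status: $?"

# Real use, as root: check_bundle /etc/letsencrypt/archive/<your domain>
```
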

  • If I want to open that folder or path: /etc/letsencrypt/archive with Filezilla or Putty, it shows me permission denied.
    What could be the problem here?

    What is the purpose of the /usr/share/ca-certificates/mozilla folder and the certificates in there?

  • If I want to open that folder or path: /etc/letsencrypt/archive with Filezilla or Putty, it shows me permission denied.
    What could be the problem here?

    What is the purpose of the /usr/share/ca-certificates/mozilla folder and the certificates in there?

    Sorry, I'm not sure about Mozilla. The guys here might be able to help. Regarding the permission denied error, try to use sudo, or log in to your server as root, or ask your hosting provider to provide the needed privileges.

  • If I want to open that folder or path: /etc/letsencrypt/archive with Filezilla or Putty, it shows me permission denied.
    What could be the problem here?

    What is the purpose of the /usr/share/ca-certificates/mozilla folder and the certificates in there?

    Hi BerndBonker,


    Please open a new thread for your specific problem. And you will get support there as well. Looks like the Linux basics are missing.


    We should not fill this important thread with things like that.


    BR

  • I managed to get the permission problem fixed now. Is your solution only meant to fix domain by domain with the mentioned steps or will it fix all used certs at once and I can afterwards manage it again in iMSCP directly through the Domains section? Cause you mentioned I have to go to my desired domain folder.

  • It seems the plugin cron job validity checks between the renewals do not work properly with the new snap certbot.

    I can see many certificates which have been re-requested marked as invalid.

    All these certificates were generated with the snap certbot and they were still valid for about 2 months, but they are marked as invalid by the plugin cron job and the Apache SSL conf files are deleted.


    Is there any solution for the cron job validation check?

    Edited 2 times, last by fulltilt ().