Posts by zakaria93

    If I want to open that folder or path: /etc/letsencrypt/archive with Filezilla or Putty, it shows me permission denied.
    What could be the problem here?

    What is the purpose of the /usr/share/ca-certificates/mozilla folder and the certificates in there?

    Sorry, I'm not sure about Mozilla. The guys here might be able to help. In regards permissions denied try to use sudo or login into your server using root or ask your hosting provider to provide the needed privileges.

    You need to find your SSL bundle including a chain file for CA and a private key and a certificate, sometimes they are provided in one combined file, but in your server you will find the bundle in /etc/letsencrypt/archive/[yourdomainame] directory if you used certbot, otherwise find who is your SSL provider and where they store the SSL bundle files and use them in verifying the certificate with openssl.

    The error message is saying it couldn't find chain1 file, which should be in stated above directory if you used certbot.

    1. Error loading file chain1.pem

    Also, make sure to use

    1. dos2unix combined_chain1.pem

    To clear the chain file from dos formatted (^M) blue carriage return characters that I observed in the first cross signed root cert when combined the chain.

    If you dont have unix2dos installed, since it no longer comes prebuilt in distros, use

    1. yum install unix2dos

    Good luck.

    I am a little overwhelmed by the amount of different solutions here. Are there special solutions for different operating systems?
    Could anybody sum up which solutions are the most effective and lasting ones and how to step by step get it done for someone who doesn't work on servers regularly?

    Thank you!

    Here is how I resolved it and I think it might help if your issue was with running

    1. openssl verify -CAfile chain1.pem cert1.pem

    It's returning

    1. C=US, O=Internet Security Research Group, CN=ISRG Root X1
    2. error 2 at 2 depth lookup: unable to get issuer certificate
    3. error cert1.pem: verification failed

    Then your CA file is missing some certificates and you can download all needed certs using following one combined command that will generate combined_chain1.pem

    1. wget -O isrgrootx1.pem && wget -O isrg-root-x1-cross-signed.pem && wget -O lets-encrypt-r3.pem && wget -O lets-encrypt-r3-cross-signed.pem && cat isrgrootx1.pem isrg-root-x1-cross-signed.pem lets-encrypt-r3.pem lets-encrypt-r3-cross-signed.pem > combined_chain1.pem

    With combined_chain1.pem run

    1. openssl verify -CAfile combined_chain1.pem cert1.pem

    and it should return

    1. cert1.pem: OK

    With thanks.