Lets Encrypt intermediate chain fails

Operating system: CentOS
OS version: 6.1
Running into a problem with let’s encrypt when I check the site on sslshopper.com. I get the following error:

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.

Let’s Encrypt is not reporting any errors in the control panel, under the server configuration / SSL area and several renewal cycles have completed without error.

This issue is going to be fixed in upcoming Webmin versions for users without certbot installed.

Meanwhile, the best and simple solution would be is to install certbot package.

If you cannot do the above for any reason, you can install latest dev version of Webmin and re-request the certificate for your domain.


Have you considered Centos 7 instead of Centos 6 which is a really old release?

If it is a new VPS install and a new virtualmin install, I suggest you move to CentOS 7 which will be supporte until 2024. Centos 8 will be suppported until December 2021 only.

Many people have already decided to migrate to Ubuntu or Debian for that reason and Virtualmin works with both.

It isn’t simple at all to install certbot on CentOS 6. It’s too old.

Looks like maybe updating to CentOS 7 and then installing the dev version (assuming it’s compatible with 7) might be the most direct way to fix. I’m concerned about how many things I will break with the 6-7 upgrade though. This is on a production webserver.

If it helps, it was a while ago but I’m pretty sure I was offered the upgrade from 6 to 7 using the package updates in Virtualmin. Upgraded without issue. Just took a snapshot of the server first in case things went awry.

I understand why you’re suggesting this and you have valid points. However, simply upgrading is not a direct fix and really doesn’t solve the issue.

CentOS 6 reached end-of-life on November 30th, 2020. @KAtwitch you should really consider upgrading!

The easiest solution to the given problem is to install latest development version of Webmin. At the moment, development version 1.971 is pretty stable, and it should be safe to upgrade.


yum update https://download.webmin.com/devel/rpm/webmin-current.rpm

Note: Generally it is not recommended to upgrade to devel version, unless you know what you’re doing.

1 Like

Nope. CentOS 6 cannot be directly upgraded to CentOS 7 via yum, and it definitely won’t be offered or automatically attempted by Virtualmin.

As Ilia notes, easiest fix is upgrading to development version of Webmin.

You woud not belive how just switching from one distro to another can help.

At home, I installed Iinux mint in an old toshiba laptop and my wifi would go off every 3 minutes. I switched to Ubunto 18.04 and my wifi connection runs smoothly since then.

As another example I had a hard time cofiguring perl cgi scripts in Centos 8. Switched to Debian 9 and the cgi script worked out of the box.

What I do is I always have available a clean vps setup with 4GB RAM free to test any distro with a specific script I need to install and I keep the distro that runs out of the box or needs the least configuration from the start.

Of course all the above when I am just starting setting up a new server not with one I have been using for a while where data can be lost or configurations messed up.

This is what I get on that dev version:

 yum update https://download.webmin.com/devel/rpm/webmin-current.rpm

Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Update Process
webmin-current.rpm | 39 MB 00:05
Examining /var/tmp/yum-root-d8nNMa/webmin-current.rpm: webmin-1.971-1.noarch
Marking /var/tmp/yum-root-d8nNMa/webmin-current.rpm as an update to webmin-1.942-1.noarch
Determining fastest mirrors
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base

Yes, because CentOS 6 has reached end-of-life. You need to enable vault repos.

Enabled a vault repo, ran the install for the dev version and the SSL problem cleared up. Thanks for the help everyone. It will get me through until I have a minute to build out a new server with a newer OS.

Guys you should drop end of life distro, it would save tons of development time also push folks to go with time… I would even forgot centos 6 or 7…even debian 8 or 9…

We do not support EOL distros. We never have. We still try to help, but we don’t support installation on CentOS 6 today, and our CentOS 6 repos will be retired soon.


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.