Let's Encrypt SSL - Chain Certificate Issue

Hi, I have requested for SSL certificate through the Let’s Encrypt tab for my domain provided by Virtualmin. However, when I conduct the SSL Server Test in SSL Server Test (Powered by Qualys SSL Labs) and GTmetrix, they each show a warning stating that server’s certificate chain is incomplete and that the chain issues are incomplete.

I have followed the instructions to change the SSL configuration to use the file ssl.combined instead of ssl.cert and restart the daemon web server from the following post Please Help, Virtualmin Lets encrypt SSL problem - Virtualmin - Virtualmin Community.

Looking forward to any assistance. Thanks a lot :slightly_smiling_face:

If you’re running an old version of Webmin, this can happen.

Installing certbot or updating Webmin (or both) may fix it.

Also, please always include your OS and Virtualmin versions in every new topic (there’s a reason they’re included in the template for new posts).

Noted, I will install and update the webmin and see if the problem may be fixed.

I am currently using the following OS and Virtualmin Versions:
Virtualmin version: 6.14
Webmin version: 1.962
OS Version: CentOS Linux 7.9.2009

OK, those are current. So, that is probably not your problem, unless you updated recently and haven’t regenerated certs since then.

I have just requested for the SSL certificate only yesterday. Should I re-request for a new SSL certificate under the Let’s Encrypt tab menu to solve this issue?

I also have this problem. I am using Centos 7. virtualmin centos and webmin are up to date.

I updated a few days ago and started having this problem.

My telegram bot is not working because of this problem.

We ask for your help in this regard.

I also use Virtualmin on Centos 7 and I checked the SSL certificate on different webpages. I also got the same “error msg” but I wonder if this is not only a “false positive” and the “real message hidden behind” is that some people and companies selling commersial SSL certificates dont like the free SSL certificates so much.

What does the error message from Qualsys SSL Lab actually mean from a technical and security point of view? (I dont know, but I do not believe in everything I find on Internet.)

Quote from “error msg”:

Revocation status Validation error
OCSP ERROR: Exception: connect timed out [http://r3.o.lencr.org]

DNS CAA No (more info)

Edit:

While checking out the link r3.o.lencer.org webbrowser came up with a warning against “dangerous site”.

Hi, Here is the solution…

1 Like

Hello,

I fixed the problem installing certbot and generating all the certs again.

Certbot - Centosrhel7 Certbot - Centosrhel7 Nginx

In my Case i was using apache

After the chain was fixed i have used the normal certbot instance installed in virtualmin

Thanks for your advice, it is working like a charm now. :+1:

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.