letsencrypt Chain issues: Incorrect order, Extra certs

Hi, I'm using the latest Virtualmin with Let's Encrypt certificates. Although everything works well on most devices, the certificate chain has issues: "Chain issues: Incorrect order, Extra certs", which leads to site unavailability on some Android devices due to an err_cert_authority_invalid error.

BTW, virtualmin.com has a correct certificate chain https://www.ssllabs.com/ssltest/analyze.html?d=virtualmin.com&hideResult... and as you can see there's only one Let's Encrypt Authority X3 in your setup, but in my setup, which was automatically configured by Virtualmin, there are Let's Encrypt Authority X3 and Let's Encrypt Authority X1. I believe the Let's Encrypt Authority X1 certificate is not required but is concatenated with the X3 certificate in letsencrypt-lib.pl into one cert file.

Status: Active

Comments

Any comments on this? When I delete the Let's Encrypt Authority X1 from the .cert file manually, it solves the issue.

Ok, the next release of Webmin will include only the X3 CA file.

Status: Active » Fixed

Hi Jamie, can you please concatenate ssl.ca and ssl.cert into fullchain.pem when generating Let's Encrypt certificates? Also, Nginx should be pointed to this certificate by default. It would make a full certificate chain available and will give an A+ rating for SSL support on SSL Labs (without this it is only a B grade).

cat ssl.ca ssl.cert > fullchain.pem

Status: Closed (fixed) » Active

That should already be happening when using Nginx.

It happens on one server with the latest Webmin, but doesn't on another which also has the latest Webmin. Can you advise me what to check that it doesn't happen there?

Check which version of the Nginx and Nginx SSL plugins you're running - this is shown at System Setting -> Features and Plugins.
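
An added example, not part of the thread and not Webmin's or SSL Labs' code: a Python check for the two findings discussed above, "Incorrect order" and "Extra certs", run over the PEM file a server would send. It assumes the bundle is passed as bytes and compares issuer and subject names only (no signature or expiry verification); all function names are illustrative.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)          # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                   # optional [0] version field
        pos = end
    for _ in range(2):                # skip serialNumber and signature algorithm
        pos = _tlv(der, pos)[2]
    issuer_end = _tlv(der, pos)[2]
    validity_end = _tlv(der, issuer_end)[2]
    subject_end = _tlv(der, validity_end)[2]
    return der[pos:issuer_end], der[validity_end:subject_end]

def _path_from(start, names):
    """Follow issuer -> subject links from names[start]; return the indexes visited."""
    path = [start]
    while True:
        issuer, subject = names[path[-1]]
        nxt = [i for i, (_, s) in enumerate(names) if s == issuer and i not in path]
        if issuer == subject or not nxt:  # self-signed root, or issuer not in the file
            return path
        path.append(nxt[0])

def chain_issues(pem_bundle):
    """Report "Incorrect order" / "Extra certs" for a PEM bundle given as bytes."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_bundle)]
    if not names:
        return ["No certificates"]
    # The chain is the longest issuer path; on a tie the earliest start wins.
    path = max((_path_from(i, names) for i in range(len(names))), key=len)
    issues = []
    if path != list(range(len(path))):  # leaf first, each issuer right after it
        issues.append("Incorrect order")
    if len(path) < len(names):          # certificates the chain does not need
        issues.append("Extra certs")
    return issues
```

Call it as chain_issues(open(path, "rb").read()) on the certificate file the web server is configured to serve; an empty list means the file is leaf-first with no unneeded certificates.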