How to establish CA Chain for firefox using new virtualmin letsencrypt SSL feature?

3 posts / 0 new
Last post
#1 Tue, 03/29/2016 - 09:33
tremor

How to establish CA Chain for firefox using new virtualmin letsencrypt SSL feature?

Centos 6 with Webmin/Virtualmin and Apache:

I tried out the new letsencrypt feature for my virtualhost and initially it failed. After some searching I found that I needed to install python-argparse, after that the lets encrypt tab on the SSL management page for my virtual host worked and setup my vhost with a cert from Lets Encrypt! Great.. works fine in Chrome. But.. Firefox doesn't like it and the tester at ssllabs.com that analyzes certs gave me a grade C.

Virtualmin SSL setup vulnerable to poodle, no perfect forward secrecy.. I was able to fix all that by tinkering with the directives..

But I cannot for the life of me figure out why firefox still doesn't like the cert and I get "This server's certificate chain is incomplete. Grade capped to B. " at SSL labs. - Everything appears to have worked correctly getting the Let's Encrypt cert installed. My CA tab shows "Let's Encrypt Authority X1...."

Any ideas on how to fix this chain issue?

Tue, 03/29/2016 - 15:40
tremor

Found my own answer.. I went to: https://whatsmychaincert.com

and it generated the chain cert I needed to which I simply added to an SSlCerticicateChainFile directive in my virtualhosts config manually... I think doing this automatically would be a nice improvement though for the feature so that sites can get an Instant A rating from SSL Labs.

Fri, 04/01/2016 - 06:04
LeonB

The solution proposed here fixed the issue for me.

Topic locked