Where should I go for assistance with "incomplete chain" SSL issue?
Hi folks, I used this guide:
"Install Let's Encrypt to Create SSL Certificates"
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/
And for the most part it was easy and works fine.
But I'm only getting a "B" on the SSLLabs test.
https://www.ssllabs.com/ssltest/analyze.html?d=labusas.org&latest
---DNS CAA = No
---Chain issues = Incomplete
My web forum on the server works great.
We're on a Linode $20/month CentOS7 VPS.
Chrome indicates "trusted" HTTPS pages everywhere.
But some users here and there are still getting cert errors.
Such as this one from one of my users:
'' Connection not protected
The security of your connection is reduced. Criminals can attempt to steal your data from the website. You are advised to leave this website.
URL:
labusas.org
Reason:
Invalid name of certificate. Either the name is not on the allowed list, or was explicitly excluded.
2 Replies
Greetings,
The easiest option may be to reinstall the certificate using Certbot. This tool automates the process so these types of error don't generally pop up. You can use our guide here.
If that is not an option we recommend checking out the error logs for more information. Feel free to share them here.
Best,
Preston
Linode Support Team
Thanks. I did re-do the entire install a few times per the guide but still have the same issues.
---DNS CAA = No
---Chain issues = Incomplete
Here is a copy of one of the logs:
tail letsencrypt.log
self._check_symlinks()
File "/usr/lib/python2.7/site-packages/certbot/storage.py", line 520, in _check_symlinks
"expected {0} to be a symlink".format(link))
CertStorageError: expected /etc/letsencrypt/live/labusas.org/cert.pem to be a symlink
2019-01-03 12:14:40,274:INFO:certbot.storage:Attempting to parse the version 0.30.0 renewal configuration file found at /etc/letsencrypt/renewal/labusas.org-0003.conf with version 0.29.1 of Certbot. This might not work.
2019-01-03 12:14:40,347:DEBUG:certbot.ocsp:Querying OCSP for /etc/letsencrypt/live/labusas.org-0001/cert.pem
2019-01-03 12:14:40,348:DEBUG:certbot.ocsp:openssl ocsp -no_nonce -issuer /etc/letsencrypt/live/labusas.org-0001/chain.pem -cert /etc/letsencrypt/live/labusas.org-0001/cert.pem -url http://ocsp.int-x3.letsencrypt.org -CAfile /etc/letsencrypt/live/labusas.org-0001/chain.pem -verify_other /etc/letsencrypt/live/labusas.org-0001/chain.pem -trust_other -header Host ocsp.int-x3.letsencrypt.org
2019-01-03 12:14:40,444:DEBUG:certbot.ocsp:Querying OCSP for /etc/letsencrypt/live/labusas.org-0003/cert.pem
2019-01-03 12:14:40,445:DEBUG:certbot.ocsp:openssl ocsp -no_nonce -issuer /etc/letsencrypt/live/labusas.org-0003/chain.pem -cert /etc/letsencrypt/live/labusas.org-0003/cert.pem -url http://ocsp.int-x3.letsencrypt.org -CAfile /etc/letsencrypt/live/labusas.org-0003/chain.pem -verify_other /etc/letsencrypt/live/labusas.org-0003/chain.pem -trust_other -header Host ocsp.int-x3.letsencrypt.org
[root@ducmanic letsencrypt]#
And the most recent log:
tail letsencrypt.log.26
_handle_perform_error(error)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 239, in _try_perform_single
return self._perform_single(achall)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 245, in _perform_single
servers, response = self._perform_http_01(achall)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 254, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 78, in run
raise errors.StandaloneBindError(error, port)
StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.
[root@ducmanic letsencrypt]#