SSL chaining issues in CHT 4.x

Hi team,
I’m running into a similar problem [as this related post]. I’m running cht ver 4.x and I noticed that my certificate has incomplete chain issues. How should I resolve this incomplete chain as shown here
(SSL Server Test: search-cht.org (Powered by Qualys SSL Labs)).
I’ve both certificate.crt and intermidiate.crt and I’ve tried combining them but it’s still not working.
Any guidance will be helpful.
Thank you.
Erick

Hi @ewafula !

I’ve moved your post to be stand alone with an apt title so it’s easier for folks to find who are having the same issue.

To solve chaining issues I suggest:

  1. Download both certificate.crt and intermidiate.crt from Sectigo Limited to ensure they’re up to date
  2. First confirm the .crt files are binary format. If they are, convert them to ASCII and .pem. See this write up on how to do the conversion and check if they’re binary.
  3. Concatenate the two cert files into one file called cert.pem. Assuming they’re called server.pem and chain.pem this would look like: cat server.pem chain.pem > cert.pem
  4. Follow the steps to copy the certs into the nginx container.
  5. Restart the nginx container: docker restart $(docker ps --filter "name=_nginx_" -q)

Also, if this is a production instance, we recommend following our 4.x production install docs to deploy it. I noticed your password is the default from the local setup guide which is not a security best practice when using a publicly accessible CHT instance :wink:
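
Steps 2 and 3 above as shell functions, added here as an example (not from the original posts or the CHT project): binary (DER) inputs are converted to PEM, and cert.pem is only written if the server certificate's issuer matches the subject of the first certificate in the chain file. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: normalise, order-check and bundle a server cert and its intermediate.
# Function names are hypothetical. Usage: build_bundle certificate.crt intermidiate.crt cert.pem

# Print a certificate file as PEM, converting from binary DER when no PEM header is found.
to_pem() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
    # Strip CRs and force a trailing newline so two files never fuse into
    # "-----END CERTIFICATE----------BEGIN CERTIFICATE-----" when concatenated.
    tr -d '\r' < "$1" | awk 1
  else
    openssl x509 -inform der -in "$1" -outform pem
  fi
}

# Count the certificates in a PEM bundle.
count_certs() {
  grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# build_bundle SERVER CHAIN OUT
# Writes OUT as server cert first, then the chain. Returns 1 on unreadable input,
# 2 when CHAIN does not start with the issuer of SERVER (wrong file or wrong order).
build_bundle() {
  local server="$1" chain="$2" out="$3" tmp issuer subject
  tmp="$(mktemp -d)" || return 1
  to_pem "$server" > "$tmp/server.pem" && to_pem "$chain" > "$tmp/chain.pem" \
    || { rm -rf "$tmp"; return 1; }
  # Name comparison only: this catches swapped or unrelated files, it does not verify signatures.
  issuer="$(openssl x509 -in "$tmp/server.pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')"
  subject="$(openssl x509 -in "$tmp/chain.pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')"
  if [ "$issuer" != "$subject" ]; then
    echo "chain mismatch: server issuer '$issuer' != chain subject '$subject'" >&2
    rm -rf "$tmp"
    return 2
  fi
  cat "$tmp/server.pem" "$tmp/chain.pem" > "$out"
  rm -rf "$tmp"
}
```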

Thanks @mrjones.
This is very exciting, I’m so glad it has worked.
Erick

Super! Good news that it worked.

Let us know if you get stuck again!