Hi team,
I’m running into a similar problem [as this related post]. I’m running cht ver 4.x and I noticed that my certificate has incomplete chain issues. How should resolve this incomplete chain as shown here
(SSL Server Test: search-cht.org (Powered by Qualys SSL Labs)).
I’ve both certificate.crt and intermidiate.crt and I’ve tried combining them but still not working.
Any guidance will be helpful.
Thank you.
Erick
Hi @ewafula !
I’ve moved your post to be stand alone with an apt title so it’s easier for folks to find who are having the same issue.
To solve chaining issues I suggest:
- Download both
certificate.crtandintermidiate.crtfrom Sectigo Limited to ensure they’re up to dote - First confirm the
.crtfiles are binary format. If they are, convert them to ASCII and.pem. See this write up on how to do the conversion and check if they’re binary. - concatenate the two cert files into one called file called
cert.pem. Assuming they’re calledserver.pemandchain.pemthis would look like:cat server.pem chain.pem > cert.pem -
Follow the steps to copy the certs into the
nginxcontainer. - restart
nginxcontainer:docker restart $(docker ps --filter "name=_nginx_" -q)
Also, If this is a production instance, we recommend following our 4.x production install docs to deploy it. I noticed your password is the the default from the local setup guide which is not a security best practice when using a publicly accessible CHT instance 
Thank @mrjones.
This is very exciting, I’m so glad it has worked.
Erick
1 Like
Super! Good news that it worked.
Let us know if you get stuck again!
1 Like