Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Old versions of apache don't support combined chain files #5052

Closed
SwartzCr opened this issue Aug 25, 2017 · 6 comments
Closed

Old versions of apache don't support combined chain files #5052

SwartzCr opened this issue Aug 25, 2017 · 6 comments
Labels
area: documentation good first issue
Projects
PyCon 2018

Comments

@SwartzCr
Copy link
Contributor

Maybe we should mention this for people on old versions of 2.4
via: https://community.letsencrypt.org/t/curl-refuses-to-accept-my-cert-saying-the-certificate-issuer-is-not-recognized/40917
@jemacom
Copy link

jemacom commented Dec 13, 2017

Where can I find the doc file to change ?

@SwartzCr
Copy link
Contributor Author

Hi @jemacom!
The file to change would be https://github.com/certbot/certbot/blob/master/docs/using.rst
Note that that's a rst file that will be built by sphinx, and as such has some strange formatting. You can read more about rst formatting syntax here: http://docutils.sourceforge.net/docs/user/rst/quickstart.html and here http://docutils.sourceforge.net/docs/user/rst/cheatsheet.txt
Let me know if you have any issues getting started!

@jemacom
Copy link

jemacom commented Dec 17, 2017

Hi @SwartzCr,

I think someone already worked on this version problem here.

Should I mention it elsewhere in the docs ? If yes, in which section ?

Thanks ! 😊

@sbraden
Copy link
Contributor

sbraden commented May 14, 2018

Pycon2018 Sprint: In progress.

@sbraden
Copy link
Contributor

sbraden commented May 14, 2018

The relevant documentation is already in the docs/using.rst file:
(starting on line 712)
`
fullchain.pem
All certificates, including server certificate (aka leaf certificate or
end-entity certificate). The server certificate is the first one in this file,
followed by any intermediates.

This is what Apache >= 2.4.8 needs for SSLCertificateFile <https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile>,
and what Nginx needs for ssl_certificate <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate>.

cert.pem and chain.pem (less common)
cert.pem contains the server certificate by itself, and
chain.pem contains the additional intermediate certificate or
certificates that web browsers will need in order to validate the
server certificate. If you provide one of these files to your web
server, you must provide both of them, or some browsers will show
"This Connection is Untrusted" errors for your site, some of the time <https://whatsmychaincert.com/>_.

Apache < 2.4.8 needs these for SSLCertificateFile <https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile>.
and SSLCertificateChainFile <https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile>,
respectively.
`

@bmw
Copy link
Member

bmw commented May 17, 2018

Nice catch. I think this can be closed.

Thanks for looking into this!

@bmw bmw closed this as completed May 17, 2018
@bmw bmw added this to To do in PyCon 2018 via automation May 17, 2018
@bmw bmw moved this from To do to Done in PyCon 2018 May 17, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: documentation good first issue
Projects
No open projects
PyCon 2018
  
Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@SwartzCr @sbraden @jemacom @bmw