On Mon, Nov 14, 2022 at 10:34 PM Lukas Tribus <lu...@ltri.eu> wrote: > On Mon, 14 Nov 2022 at 22:56, James Read <jamesread5...@gmail.com> wrote: > >> So the file needs to contain first your certificate and then the > >> intermediate one. > > > > > > OK. Thanks. I rearranged the file and deleted some certificates. Now > sslabs is reporting no chain issues for Certificate #1: RSA 2048 bits > (SHA256withRSA) > > Correct, a TLS session negotiated with SNI us.wottot.com is now > correctly showing the intermediate certificate. > You are not sending the root certificate here, which is also > completely correct at this point. > > The previous poster is confused by the openssl output, which actually > shows a correctly configured server (for the particular SNI value > us.wottot.com). > > So all browsers and mobile devices should be able to connect to > us.wottot.com now. > > > > but for Certificate #2: RSA 2048 bits (SHA256withRSA) it is reporting > > Chain issues Incomplete, Extra certs, Contains anchor > > This is a fallback for clients not matching us.wottot.com. > > You probably have a "default" ssl server in your configuration that is > still pointing to a path that you did not cleanup. You should only > define this certificate once in your nginx configurations, not > multiple times in different server blocks. > > > OK. Problem solved. Thanks for your patience and your explanations.
James Read > > Lukas > _______________________________________________ > nginx mailing list -- nginx@nginx.org > To unsubscribe send an email to nginx-le...@nginx.org >
_______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
