Just do cert + chain + privkey, in that order.

--
With kind regards,

Angelo Höngens
Systems Administrator
NetMatch travel technology solutions

-----Original Message-----
From: varnish-misc On Behalf Of Admin Beckspaced
Sent: Wednesday, 18 October, 2017 11:59
Subject: Hitch SSL chain issues with Google Chrome

Hello there,

I use hitch as an SSL terminator in front of varnish.
I get my SSL certificates via letsencrypt.

This is what I get via the letsencrypt ACME client:

cert-1504079018.csr
cert-1504079018.pem
cert.csr -> cert-1504079018.csr
cert-1504079018.pem
chain-1504079018.pem
chain.pem -> chain-1504079018.pem
fullchain-1504079018.pem
fullchain.pem -> fullchain-1504079018.pem
privkey-1504079018.pem
privkey.pem -> privkey-1504079018.pem

To prepare the certificates for hitch I run a small script which merges the certificates into 1 file:

#!/bin/bash

for d in /etc/dehydrated/certs/*; do
    if [ -d "$d" ]; then
        # echo "$d"
        cat "$d"/cert.pem "$d"/privkey.pem "$d"/chain.pem "$d"/fullchain.pem > /etc/hitch/certs/$(basename "$d").pem
    fi
done

Then in the hitch config I reference the .pem file:

pem-file = "/etc/hitch/certs/physiotherapie-neustadt-aisch.de.pem"

So ... if I open the website in Firefox all is fine:

https://physiotherapie-neustadt-aisch.de/

If I open it in Google Chrome it's not working.

So I did a bit of searching on Google and found out it's a chain issue, and Chrome seems to be a bit more sensitive than Firefox:

https://www.ssllabs.com/ssltest/analyze.html?d=physiotherapie-neustadt-aisch.de

On ssllabs.com it also states chain issues, incorrect order, extra certs ...

How would I fix this?
I assume it has something to do with the way I merge the certificates into 1 .pem file.

Any help would be awesome ;)

Thanks & greetings
becki

--
Beckspaced - Server Administration
Ralf Flederer

_______________________________________________
varnish-misc mailing list
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
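Added example, not part of the thread and not code from hitch or dehydrated: a sketch of the merge step in the order given in the reply (cert + chain + privkey), plus a structural check that flags the two problems SSL Labs reported (extra certs, incorrect order). The function names build_hitch_pem and check_pem_layout are hypothetical; the file names are those listed in the original message. The check looks only at PEM block order and duplicates; it does not verify signatures or that the key matches the certificate.

```shell
#!/bin/sh
# Added example; function names are hypothetical, file names follow the thread.

# build_hitch_pem SRC_DIR OUT_FILE
# Leaf certificate, then intermediates, then private key. fullchain.pem is
# left out on purpose: it already equals cert.pem + chain.pem.
build_hitch_pem() {
    src=$1 out=$2
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # umask 077 so a newly created bundle (it holds the key) is owner-only.
    ( umask 077; cat "$src/cert.pem" "$src/chain.pem" "$src/privkey.pem" > "$out" )
}

# check_pem_layout FILE
# Prints "ok" or the first structural problem found in the bundle.
check_pem_layout() {
    awk '
        /^-----BEGIN / {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            body = ""; inblk = 1; next
        }
        /^-----END / {
            inblk = 0; n++
            if (label ~ /PRIVATE KEY$/) keys++
            else if (label == "CERTIFICATE") {
                if (keys) late = 1           # a cert placed after the key
                if (seen[body]++) dup = 1    # same cert body seen twice
            }
            next
        }
        inblk { body = body $0 }
        END {
            if (n == 0)         print "no PEM blocks"
            else if (dup)       print "duplicate certificate"
            else if (keys != 1) print "expected exactly one private key"
            else if (late)      print "certificate after private key"
            else                print "ok"
        }' "$1"
}
```

Run against a bundle built the way the original script does it (cert, privkey, chain, fullchain), check_pem_layout reports "duplicate certificate", because fullchain.pem repeats both earlier certificates.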
