Ticket #3164 (closed defect: fixed)

Opened 11 years ago

Last modified 6 weeks ago

Fix an incomplete SSL chain

Reported by: birdie Owned by: zaytsev
Priority: blocker Milestone:
Component: adm Version:
Keywords: Cc:
Blocked By: Blocking:
Branch state: no branch Votes for changeset:

Change History

comment:1 Changed 11 years ago by andrew_b

  • Version master deleted
  • Milestone 4.8 deleted

comment:2 Changed 11 years ago by zaytsev

  • Status changed from new to accepted
  • Owner set to zaytsev

The chain is complete, it's just that the CA certificate is not stapled to our certificate in our server response. I have tried my best to improve on our SSL setup, but I'm afraid can't get much further. Hope that B is enough for most practical purposes.

comment:3 Changed 11 years ago by zaytsev

  • Status changed from accepted to testing
  • Resolution set to fixed

comment:4 Changed 11 years ago by zaytsev

After a bit more struggle we've finally got an A =) yay!

comment:5 Changed 11 years ago by birdie

Certificates provided	1 (1657 bytes)
Chain issues	Incomplete

comment:6 Changed 11 years ago by zaytsev

See the explanation above, I'm not planning to fix this.

comment:7 Changed 11 years ago by andrew_b

Ticket #3217 has been marked as a duplicate of this ticket.

comment:8 Changed 10 years ago by sorin

Can we reopen this? The website is not opening in Chrome.

If you cannot keep the SSL certificate valid and monitoring, why bothering putting one?

This only makes the experience worse, not to count that this will break indexing and down list the site from Google. I would not be surprised to see it delisted too.

comment:9 Changed 10 years ago by zaytsev

What are you talking about? The certificate is valid and the checker isn't reporting any issues. Can you give the details on the error message that you are getting from Chrome?

comment:10 Changed 9 years ago by zaytsev

Ticket #3217 has been marked as a duplicate of this ticket.

comment:11 Changed 9 years ago by zaytsev

  • Status changed from testing to closed

Got an A after updating the setup to ~logjam state, enabled stapling; closing...

comment:12 Changed 8 years ago by zaytsev

Got a kindly sponsored certificate from GlobalSign, hopefully will improve the situation with browser support in the future.

comment:13 Changed 7 years ago by zaytsev

Renewed certificate for the next year, thanks goes to GlobalSign again...

Last edited 7 years ago by zaytsev (previous) (diff)

comment:14 Changed 6 weeks ago by zaytsev

Switched to NameCheap / !Comodo paid via AdSense income a few years ago for 5 years in advance, GlobalSign was just way too much work every year to get a free renewal code. Reissued again for 2025 :(

Note: See TracTickets for help on using tickets.