Ticket #3164 (closed defect: fixed)
Fix an incomplete SSL chain
Reported by: | birdie | Owned by: | zaytsev |
---|---|---|---|
Priority: | blocker | Milestone: | |
Component: | adm | Version: | |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Branch state: | no branch | Votes for changeset: |
Description
More here: https://www.ssllabs.com/ssltest/analyze.html?d=www.midnight-commander.org
Please, fix it.
Change History
comment:2 Changed 11 years ago by zaytsev
- Status changed from new to accepted
- Owner set to zaytsev
The chain is complete, it's just that the CA certificate is not stapled to our certificate in our server response. I have tried my best to improve on our SSL setup, but I'm afraid can't get much further. Hope that B is enough for most practical purposes.
comment:3 Changed 11 years ago by zaytsev
- Status changed from accepted to testing
- Resolution set to fixed
comment:5 Changed 11 years ago by birdie
Certificates provided 1 (1657 bytes) Chain issues Incomplete
comment:7 Changed 11 years ago by andrew_b
Ticket #3217 has been marked as a duplicate of this ticket.
comment:8 Changed 10 years ago by sorin
Can we reopen this? The website is not opening in Chrome.
If you cannot keep the SSL certificate valid and monitoring, why bothering putting one?
This only makes the experience worse, not to count that this will break indexing and down list the site from Google. I would not be surprised to see it delisted too.
comment:9 Changed 10 years ago by zaytsev
What are you talking about? The certificate is valid and the checker isn't reporting any issues. Can you give the details on the error message that you are getting from Chrome?
comment:10 Changed 9 years ago by zaytsev
Ticket #3217 has been marked as a duplicate of this ticket.
comment:11 Changed 9 years ago by zaytsev
- Status changed from testing to closed
Got an A after updating the setup to ~logjam state, enabled stapling; closing...
comment:12 Changed 8 years ago by zaytsev
Got a kindly sponsored certificate from GlobalSign, hopefully will improve the situation with browser support in the future.
comment:13 Changed 7 years ago by zaytsev
Renewed certificate for the next year, thanks goes to GlobalSign again...
comment:14 Changed 6 weeks ago by zaytsev
Switched to NameCheap / !Comodo paid via AdSense income a few years ago for 5 years in advance, GlobalSign was just way too much work every year to get a free renewal code. Reissued again for 2025 :(