Hello. When adding a certificate from Sectigo I get an error - Error: SSL intermediate chain is not valid
How to solve the problem?
Inserting the full chain, including the intermediate, should solve the issue.
I do that. But I get an error.
Do you want to add it to a web domain or as the Hestia panel certificate?
I add via web interface. This is a regular domain (site). Not a certificate for the panel
The panel is: v1.9.0~beta1
Bought a new certificate. When adding a certificate, now there is no error, it just does not install. The certificate checkboxes are reset and nothing works.
Does anyone know how to solve this problem?
I still want to return to this problem. The certificate is not installed through the panel. I had to manually go into the nginx and apache configs to install it. That’s the only way it worked.
And through the panel, the error is - Error: SSL intermediate chain is not valid
In the panel logs - 2025-03-03 22:41:35 v-change-web-domain-sslcert 'test' 'test.com' '/tmp/tmp.Qc7xdjAFQ3' 'no' [Error 3]
What’s the matter, maybe I don’t understand?
I’m inserting SSL correctly
Debug mode:
Error: SSL intermediate chain is not valid | DEBUG BACKTRACE: array ( 0 => array ( 'file' => '/usr/local/hestia/web/edit/web/index.php', 'line' => 710, 'function' => 'check_return_code', 'args' => array ( 0 => 3, 1 => array ( 0 => 'Error: SSL intermediate chain is not valid', ), ), ), )
Very strange. Every other time it gets added somehow
Seems a bug in the way Hestia validates it.
Back up the function file domain.sh:
cp /usr/local/hestia/func/domain.sh /usr/local/hestia/func/domain.sh.backup
Now edit /usr/local/hestia/func/domain.sh
and replace this (lines 435 to 438):
s1=$(openssl x509 -text -in $ssl_dir/$domain.crt 2> /dev/null)
s1=$(echo "$s1" | grep Issuer | awk -F = '{print $6}' | head -n1)
s2=$(openssl x509 -text -in $ssl_dir/$domain.ca 2> /dev/null)
s2=$(echo "$s2" | grep Subject | awk -F = '{print $6}' | head -n1)
with this:
s1=$(openssl x509 -noout -in $ssl_dir/$domain.crt -issuer 2>/dev/null | cut -d = -f2-)
s2=$(openssl x509 -noout -in $ssl_dir/$domain.ca -subject 2>/dev/null | cut -d = -f2-)
Save the file and try again.
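The issuer/subject comparison from the replacement lines above can be run locally before pasting a certificate and CA bundle into the panel. This is an added example, not part of the original post or of Hestia's code; it goes one step beyond the DN comparison by also running `openssl verify`, and the function names, return codes and throwaway test certificates are all assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: pre-check a certificate and CA bundle before pasting them into
# the panel. All certificates generated below are constructed throwaway test data.

# Issuer DN of the first certificate in $1 (same command as the replacement line).
cert_issuer()  { openssl x509 -noout -in "$1" -issuer  2>/dev/null | cut -d = -f2-; }
# Subject DN of the first certificate in $1; in a bundle this must be the issuing CA.
cert_subject() { openssl x509 -noout -in "$1" -subject 2>/dev/null | cut -d = -f2-; }

# check_chain CRT CA: 0 = ok, 1 = issuer/subject DN mismatch, 2 = signature check failed
check_chain() {
    local s1 s2
    s1=$(cert_issuer "$1")
    s2=$(cert_subject "$2")
    [ -n "$s1" ] && [ "$s1" = "$s2" ] || return 1
    # -partial_chain: accept an intermediate in the bundle as the trust anchor
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1 || return 2
}

# make_ca DIR NAME CN: self-signed test CA (hypothetical helper, constructed data)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed Test/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA_NAME: leaf certificate for test.example signed by CA_NAME
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=test.example" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/leaf.crt" 2>/dev/null
}

demo() {
    local d ca rc
    d=$(mktemp -d)
    make_ca "$d" ca_a     "Constructed Issuing CA"
    make_ca "$d" ca_twin  "Constructed Issuing CA"   # same DN, different key
    make_ca "$d" ca_other "Constructed Other CA"
    make_leaf "$d" ca_a
    for ca in ca_a ca_other ca_twin; do
        rc=0; check_chain "$d/leaf.crt" "$d/$ca.crt" || rc=$?
        echo "$ca: check_chain returned $rc"
    done
    rm -rf "$d"
}
demo
```

The `ca_twin` case shows why the DN comparison alone is only a sanity check: a CA with the same subject but a different key passes it, and only the signature verification rejects the pair.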
Yes! It worked! Please make this edit globally in the panel.
Done
Thank you. Now we are waiting for a new version.
Also, if you have access to edit, then fix the error on the site - [Bug] Spelling error · Issue #4884 · hestiacp/hestiacp · GitHub