I enter the received keys in the necessary fields, but I receive a message
ERROR: SSL intermediate chain is not valid
However, I see on the server that I have some anomalies.
For domain socket.wichry-wojny.eu I have only one file socket.wichry-wojny.eu.conf
and for others I have a file ending in ssl.conf
What steps should I take to generate a valid certificate - either Let's Encrypt or my paid certificate?
I do not know what to do.
eri, thank you for your reply.
Unfortunately, if it was enough to do the tasks according to your instructions - I wouldn’t write a post here that I can’t do something.
Hi, "the key and cert don't match" means what it says, i.e. the CSR does not match your current private key, and so neither do the certs. To fix this you need to generate a new CSR and private key and reissue the certs.
You can generate the CSR from an online site like: https://csrgenerator.com/
or via this command on your server:
Example output:
A challenge password should be empty: hit the Enter key.
[email protected]:~# openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr
Generating a RSA private key
.....................................................................................................................................................................................................................................................................................++++
........++++
writing new private key to 'domainname.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:IN
Locality Name (eg, city) []:IN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IN
Organizational Unit Name (eg, section) []:IN
Common Name (e.g. server FQDN or YOUR name) []:google.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:IN
[email protected]:~# ls
domainname.csr domainname.key
Save the CSR and key in a safe place; later you will need the key for the cert installation.
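The comparison the post above describes (private key against CSR and certificate), together with a chain check for the "intermediate chain is not valid" message, as an added example that is not part of the original thread and not HestiaCP's own code. The function names and the file names `domainname.crt`, `intermediates.pem` and `root.pem` are hypothetical.

```shell
#!/bin/sh
# Added example: function names and file arguments are hypothetical.

# Print the SHA-256 of the public key inside a PEM file.
# $1 = key | cert | csr, $2 = path. Returns 2 if the file cannot be parsed.
spki_hash() {
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2 ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
    *)    return 2 ;;
  esac
  [ -n "$pub" ] || return 2
  printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = both files carry the same public key, 1 = mismatch, 2 = unreadable input.
same_key() {
  a=$(spki_hash "$1" "$2") || return 2
  b=$(spki_hash "$3" "$4") || return 2
  [ "$a" = "$b" ]
}

# 0 if the leaf ($1) chains through the intermediates ($2) to a trusted root ($3).
chain_ok() {
  openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Usage: sh check_ssl.sh domainname.key domainname.crt intermediates.pem root.pem
if [ "$#" -eq 4 ]; then
  if same_key key "$1" cert "$2"; then echo "key matches certificate"
  else echo "key and certificate do NOT match (or a file is unreadable)"; fi
  if chain_ok "$2" "$3" "$4"; then echo "chain verifies"
  else echo "chain does NOT verify"; fi
fi
```

Running both checks before pasting the files into a control panel separates a key mismatch from a missing or wrong intermediate bundle.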
After all, I believe that the problem lies with HestiaCP and not with the paid certificate.
If there is a problem with the Let's Encrypt certificate and with the paid one on this domain - it’s a bug.
HestiaCP works fine with paid certificates; Let's Encrypt basically takes the same path for adding the cert files to the domain. So if there were a bug with adding SSL, Let's Encrypt would not work either.
You can also try to add a self-signed certificate; if this works, you probably still have an issue with your cert.
You also received some good input above on how to validate your certificate.
Ok, I removed the problematic subdomain from Hestia and set up the same subdomain again.
And the problem with the certificate is over - I generated Let’s Encrypt normally.
It’s a pity that someone reports a problem to you and you (as support / software producers) say that it’s a problem with the certificate and that HestiaCP works perfectly, only the user did something wrong.
But that’s okay, it’s working now. The topic can be closed.
Regards.
micom
429 is a rate limit on the Let's Encrypt side. But without error logs or even debugging on your side we are not able to debug everything. We don’t have access to your server, so we need feedback from your side…
We did have an issue with an openssl server that was not killed and was causing issues.
Also, Hestia comes for free, without support / liability or warranty…