Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Online SSL checker (such as thawte CryptoReport, Qualsys SSL Labs, SSL Shopper) shows an error like:
CONFIG_TEXT: Intermediate certificate missing
CONFIG_TEXT: The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
CONFIG_TEXT: This server's certificate chain is incomplete
-
A browser can show:
CONFIG_TEXT: Your connection is not private NET::ERR_CERT_AUTHORITY_INVALID
-
Browser is rejecting certificates based on the intermediate one
-
When trying to log in via an e-mail client, one of the following errors is shown:
CONFIG_TEXT: The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect.
CONFIG_TEXT: Could not verify this certificate because the issuer is unknown
Cause
The certificate consists of 3 parts:
- *.key file private key;
- *.crt - certificate itself;
- *-ca.crt - certificate of Certificate Authority.
The error means Certificate Authority (ca.crt) part of a certificate is missing.
Resolution
*.key / *.crt / *-ca.crt parts of the certificate should be provided by your Certificate Authority.
Contact the certificate issuer and ask to provide CA part of the certificate:
Rename the existing certificate under Plesk > Domains > example.com > SSL/TLS Certificates > certificate _name > Rename.
Then, install the certificate again. All three parts should be uploaded/filled for the certificate:
Additional information
How to install SSL certificate for a domain in Plesk
How to generate certificate signing request (CSR) for a domain in Plesk
Comments
Please sign in to leave a comment.