- Plesk for Linux
- Plesk for Windows
Warning: the instructions are applicable to Plesk, if you are using another product the article does not help.
- Online SSL checker (such as thawte CryptoReport, Qualsys SSL Labs, SSL Shopper) shows an error like:
CONFIG_TEXT: Intermediate certificate missing
CONFIG_TEXT: The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
CONFIG_TEXT: This server's certificate chain is incomplete
A browser can show:
CONFIG_TEXT: Your connection is not private NET::ERR_CERT_AUTHORITY_INVALID
Browser is rejecting certificates based on the intermediate one
When trying to log in via an e-mail client, one of the following errors is shown:
CONFIG_TEXT: The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect.
CONFIG_TEXT: Could not verify this certificate because the issuer is unknown
The certificate consists of 3 parts:
- *.key file private key;
- *.crt - certificate itself;
- *-ca.crt - certificate of Certificate Authority.
In general, the error means that the CA part is missing.
*.key / *.crt / *-ca.crt parts of the certificate should be provided by your Certificate Authority.
Contact the certificate issuer and ask to provide CA part of the certificate:
Rename the existing certificate under Plesk > Domains > example.com > SSL/TLS Certificates > certificate _name > Rename.