After installing certificate in Plesk message appears: SSL CA is not correct. Intermediate certificate missing




  • Avatar
    Miha Gregorš (Edited )


    I have similar problem with SSL letsencrypt where ROOT 1 missing. I test on

    I have Plesk/Onyx 17.8 with Nginx+Apache, Extensions are all updated.


    And on even new iPhone I get error in browser:

    Any idea how to solve that?

    Regards, Miha

  • Avatar
    Alexandr Redikultsev

    Hello, @Miha!

    Missing root 1 certificate reported by seemed to be an issue on their side according to the following topic in Let's Encrypt community: 

    As for the 'This connection is not private' message, could you please clarify whether or not you are trying to access Plesk interface on port 8443 before facing this error?

  • Avatar
    Miha Gregorš


    no it was an error on classic website, example We notice that this page doesn't work on many Apple OS.


  • Avatar
    Alexandr Redikultsev

    Hi, @Miha.

    For me, certificate is showing fine in my desktop browser. I do not have the iPhone to check how it is working there, but I believe that the issue exists for you.

    Maybe some Apple OS browsers require additional tuning in the server side to work properly but we did not face any such cased before as there are no articles on that in our knowledge base.

    I suggest clarifying how it is possible that Apple OS browser is showing that SSL is not trusted while Chrome or Firefox is showing the things fine. Maybe you will get an advice on what to adjust.

  • Avatar
    Don Duke

    This solution doesnt work.

    There should be 3 .crt uploads in Plesk, not just one.

    Often the intermediate certificate is a separate crt, so you have the main .crt, then the -ca.crt, then the intermediate .crt.

    How we do install a certificate built like this in Plesk??

  • Avatar
    Maxim Krasikov

    Hello @Don Duke,

    An intermediate certificate should be manually added directly in CA certificate section.

    For example, certificates have been signed in the following order:

    Root CA > Intermediate1 > Intermediate2 > domain certificate.

    The content of the certificates should be manually added directly in CA certificate (*-ca.crt) section in Plesk at Tools & Settings > SSL/TLS Certificates > Add SSL/TLS Certificates or in Domains > > SSL/TLS Certificates > Add SSL/TLS Certificates in the following order (domain certificate is not used):

    Intermediate2, Intermediate1, Root CA

Please sign in to leave a comment.

Have more questions? Submit a request