Let's Encrypt Error on Firefox

The Setup

While double checking my website after some minor behind the scenes changes, I noticed an error regarding my connection.

Firefox wouldn’t give me the expected “green lock”. Instead I received a warning dialog that the connection is insecure.

Recently I had gotten a certificate from the awesome organization Lets Encrypt the Web.

5 Second Fix

It appears when I first setup the Nginx server I specified the certificate from Let’s Encrypt. This was not providing the chain of trust from the CA, through the intermediate, to the certificate itself. Nginx does a great job of explaining this here.

The solution is simple. Where you have the certificate, create a new cert of your host certificate + the chain like so:

    cd /path/to/certificates;
    cat host.pem chain.cert > complete.pem;

You can now specify the newly formed complete.pem in your nginx config like so:

    ssl_certificate /path/to/certificates/complete.pem;

I reloaded my nginx configuration. Note reload is way better than restart for Nginx since it’ll check the syntax of your configuration files before loading them. This can prevent bad syntax being the reason why your website is down since it won’t load the new configuration until after the configuration has been verified.

    sudo service nginx reload

You should now point your browser to your website with a https:// schema and you’ll see an awesome green lock icon instead of the dialog telling you how tore up your website currently is.

bobby

SRE, former Release Engineer, Pythonista, Gopher, Rube Goldberg Machine Untangler, Amateur Photographer. My thick skulled opinions are my own.

USA