How to fix incorrect order certificate chain warning | Blog - RickyGao Pty Ltd
14652
post-template-default,single,single-post,postid-14652,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,footer_responsive_adv,qode-child-theme-ver-1.0.0,qode-theme-ver-10.1,wpb-js-composer js-comp-ver-5.0.1,vc_responsive

How to fix incorrect order certificate chain warning

How to fix incorrect order certificate chain warning

It seems that Godaddy issued SSL certificate is a little bit special when uploading to the different servers.

Last time, we have fixed the SSL certificate Chain issues: contains anchor,

This time we have identified another SSL certificate issue from SSLLabs when uploading in cPanel.

Chain issues: Incorrect order

image

As we can see that our server is sending out “Go Daddy Root Certificate Authority – G2” first, and then “Go Daddy Secure Certificate Authority – G2” second.

Let’s recall what we uploaded in cPanel:

image

As you can see above, we followed Godaddy’s instructions uploaded the gd_bundle-g2.crt certificate chain file onto cPanel.

Let’s try leave the “Certificate Authority Bundle: (CABUNDLE)” black/empty since cPanel suggested that “In most cases, you do not need to supply the CA bundle because the server will fetch it from a public repository during installation.”

image

Unfortunately we still getting the same warning message.

Now, let’s try one more time with ONLY Intermediate certificate, like what we did in AWS EC2 server

image

Issue fixed

In Summary, in order to fix all different kinds of certificate chain issue from Godaddy certificate, the best practise is always uploading the intermediate called gdig2.crt from Godaddy Certificate Repository