Score:0

Apache serves with new and old SSL Root certificate


I am hosting a website at https://www.tabletop.cloud

A while back I switched from the DST Root CA X3 root certificate to the ISRG Root X1 certificate. When I access my website in every browser the SSL certificate seems to be working as normal (see below images 1 & 2).

However, I have an iPad that is refusing to use the new certificate and for some reason is receiving a recently signed version of the DST Root CA X3 certificate. (See below image 3, screenshot taken with TLS inspector app)

I've checked if the iPad accepts other websites with the ISRG Root X1 certificate, and it does so without issue.

I've also tried deleting the certificates and letting acme.sh generate new ones from scratch. (However I did not delete the configuration files in /root/.acme.sh/tabletop.cloud because I was unsure if I could do so safely)

I am really confused because I did not think that it was possible to supply different SSL certs based on platform/browser(?).

I am using:

  • Apache 2.4.41
  • acme.sh for Let's Encrypt certificate requests


Bob
At first glance I see that your server only sends the signed server certificate and not the intermediate / chain certificate(s). That might be the reason stuff breaks. Consider using the `fullchain` version instead of only the certificate in your Apache SSL config.
Milan
Interesting, I noticed this on the SSL Labs test. I'll try that out thanks!
Milan
@Bob You're a hero this fixed the issue! If you add it as an answer I will accept it when I can!
Score:1
Bob

Thank you for including your actual domain name. At first glance I see that your server only sends the signed server certificate and not the intermediate / chain certificate(s). That might be the reason stuff breaks.

Consider using the "fullchain" certificate bundle in your SSLCertificateFile instead of only the server certificate in your Apache SSL config, or alternatively add an SSLCertificateChainFile directive with the CA certificates that issued / signed your server certificate.
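
The change the answer describes, shown as a virtual host with the leaf-only setting beside the full-chain one. This is an added example, not configuration from the question or the answer; the directory `/etc/ssl/acme/tabletop.cloud/` and the file names in it are assumed.

```apache
# Added example. Paths and file names below are assumptions, not taken
# from the original post.
<VirtualHost *:443>
    ServerName www.tabletop.cloud
    SSLEngine on

    # Before: only the server (leaf) certificate is sent in the handshake.
    # A client that has no cached copy of the intermediate and does not
    # fetch it on its own cannot build a chain to a root it trusts.
    # SSLCertificateFile    /etc/ssl/acme/tabletop.cloud/cert.pem

    # After: one PEM file holding the leaf first, then the intermediate(s)
    # that signed it. The root itself does not need to be included.
    SSLCertificateFile      /etc/ssl/acme/tabletop.cloud/fullchain.pem
    SSLCertificateKeyFile   /etc/ssl/acme/tabletop.cloud/key.pem

    # Alternative from the answer: keep the leaf-only SSLCertificateFile
    # and list the issuing CA certificates separately:
    # SSLCertificateChainFile /etc/ssl/acme/tabletop.cloud/ca.pem
    # Apache 2.4.8 and later document this directive as obsolete, because
    # SSLCertificateFile accepts the intermediates itself, so on 2.4.41
    # the fullchain form above is the one to prefer.
</VirtualHost>

# Check after reloading Apache:
#   apachectl configtest
#   openssl s_client -connect www.tabletop.cloud:443 \
#       -servername www.tabletop.cloud -showcerts </dev/null
# The -showcerts output should list the leaf and at least one
# intermediate; a single certificate means the chain is still missing.
```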
