Hitch SSL chain issues with Google Chrome

Admin Beckspaced admin at beckspaced.com
Wed Oct 18 09:59:24 UTC 2017


Hello there,

I use hitch as an SSL terminator in front of varnish.
I get my SSL certificates via letsencrypt.

This is what I get via the letsencrypt ACME client:

cert-1504079018.csr
cert-1504079018.pem
cert.csr -> cert-1504079018.csr
cert-1504079018.pem
chain-1504079018.pem
chain.pem -> chain-1504079018.pem
fullchain-1504079018.pem
fullchain.pem -> fullchain-1504079018.pem
privkey-1504079018.pem
privkey.pem -> privkey-1504079018.pem

To prepare the certificates for hitch I run a small script which merges 
the certificates into 1 file:

#!/bin/bash

for d in /etc/dehydrated/certs/*; do
   if [ -d "$d" ]; then
     # echo "$d"
     cat "$d"/cert.pem "$d"/privkey.pem "$d"/chain.pem \
       "$d"/fullchain.pem > /etc/hitch/certs/$(basename "$d").pem
   fi
done

Then in the hitch config I reference the .pem file:

pem-file = "/etc/hitch/certs/physiotherapie-neustadt-aisch.de.pem"

So ... if I open the website in Firefox all is fine:

https://physiotherapie-neustadt-aisch.de/

If I open it in Google Chrome it's not working.

So I did a bit of searching on Google and found out it's a chain issue, and 
Chrome seems to be a bit more sensitive than Firefox.

https://www.ssllabs.com/ssltest/analyze.html?d=physiotherapie-neustadt-aisch.de

On ssllabs.com it also states chain issues, incorrect order, extra certs ...

How would I fix this? I assume it has something to do with the way I 
merge the certificates into 1 .pem file.

Any help would be awesome ;)

thanks & greetings
becki


-- 
Beckspaced - Server Administration
------------------------------------------------
Ralf Flederer
Marienplatz 9
97353 Wiesentheid
Tel.: 09383-9033825
Mobil: 01577-7258912
Internet: www.beckspaced.com
------------------------------------------------
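
Added example, not part of the original post: the script above concatenates cert.pem and chain.pem and then fullchain.pem, which already contains both, so every certificate lands in the bundle twice. The sketch below counts certificate blocks and repeats in a bundle; the function names and placeholder PEM bodies are constructed, and merge_once assumes hitch accepts the private key followed by fullchain.pem.

```bash
#!/bin/bash
# Added example (not from the post): count CERTIFICATE blocks in a PEM
# bundle and how many of them are repeats of an earlier block.

# Print "<total> <duplicates>" for the CERTIFICATE blocks in PEM file $1.
pem_cert_stats() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { inblk = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { inblk = 0; total++; if (seen[body]++) dup++; next }
    inblk                         { body = body $0 }
    END                           { printf "%d %d\n", total, dup }
  ' "$1"
}

# Merge in the order used by the script in the post.
merge_as_posted() {
  cat "$1"/cert.pem "$1"/privkey.pem "$1"/chain.pem "$1"/fullchain.pem
}

# Assumed layout: key first, then leaf + intermediates once (fullchain.pem).
merge_once() {
  cat "$1"/privkey.pem "$1"/fullchain.pem
}

# Constructed sample directory; the PEM bodies are placeholders, not real certs.
make_sample_dir() {
  d=$(mktemp -d)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TEVBRg==' \
    '-----END CERTIFICATE-----' > "$d/cert.pem"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'SU5URVJNRURJQVRF' \
    '-----END CERTIFICATE-----' > "$d/chain.pem"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'S0VZ' \
    '-----END PRIVATE KEY-----' > "$d/privkey.pem"
  cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
  echo "$d"
}

demo=$(make_sample_dir)
merge_as_posted "$demo" > "$demo/posted.pem"
merge_once "$demo" > "$demo/once.pem"
echo "as posted   (total dup): $(pem_cert_stats "$demo/posted.pem")"
echo "merged once (total dup): $(pem_cert_stats "$demo/once.pem")"
rm -rf "$demo"
```

Running pem_cert_stats against a real bundle under /etc/hitch/certs shows whether any certificate is sent more than once.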


