Fix an incomplete SSL chain

[birdie]

More here: ​https://www.ssllabs.com/ssltest/analyze.html?d=www.midnight-commander.org

Please, fix it.

[zaytsev]

The chain is complete, it's just that the CA certificate is not stapled to our certificate in our server response. I have tried my best to improve on our SSL setup, but I'm afraid can't get much further. Hope that B is enough for most practical purposes.

[zaytsev]

After a bit more struggle we've finally got an A =) yay!

[birdie]

Certificates provided	1 (1657 bytes)
Chain issues	Incomplete

[zaytsev]

See the explanation above, I'm not planning to fix this.

[andrew_b]

Ticket #3217 has been marked as a duplicate of this ticket.

[sorin]

Can we reopen this? The website is not opening in Chrome.

If you cannot keep the SSL certificate valid and monitoring, why bothering putting one?

This only makes the experience worse, not to count that this will break indexing and down list the site from Google. I would not be surprised to see it delisted too.

[zaytsev]

What are you talking about? The certificate is valid and the checker isn't reporting any issues. Can you give the details on the error message that you are getting from Chrome?

[zaytsev]

Ticket #3217 has been marked as a duplicate of this ticket.

[zaytsev]

Got an A after updating the setup to ~logjam state, enabled stapling; closing...

[zaytsev]

Got a kindly sponsored certificate from GlobalSign, hopefully will improve the situation with browser support in the future.

[zaytsev]

Renewed certificate for the next year, thanks goes to GlobalSign again...

[zaytsev]

Switched to NameCheap / !Comodo paid via AdSense income a few years ago for 5 years in advance, GlobalSign was just way too much work every year to get a free renewal code. Reissued again for 2025 :(