[Bug Report] SSL: This server's certificate chain is incomplete.

aaP_l0broot

This can cause some applications to be unable to interact with the server backend program, and the impact on modern browsers is not obvious.

In stable version 6.8.23, if we create a new site, check the "SSL: Apply for SSL", the certificate chain of the x509 certificate generated during this process is incomplete.
If we create a new site first, and then apply for an SSL certificate by configuring the site options, the generated certificate file is fullchain, and there is no trust problem.

Looking forward to the fix!

aaP_l0broot

aaPanel_Kern

aaP_l0broot
Thanks for the feedback, we will test it.

r_beat

aaPanel_Kern I confirm. When issuing LE certificate from the panel, only the certificate itself is being installed (w/o CA Chain). A quick fix will be to get the certificate code from fullchain.pem, rather than from cert.pem.

r_beat

@aaP_l0broot aaPanel_Kern Additionally, LE R3 certificate may be displayed as not trusted on some macOS/iOS devices.

r_beat

aaPanel_Kern Any updates?

aaPanel_Kern

r_beat
Hello, is it normal to reapply for a certificate after the website is established?