Hunter Ford Hunter Ford

GoDaddy SSL Certificate and Chrome

On one of my recent projects, I was getting a message from Google Chrome saying: "The site's security certificate is not trusted!"

It was was a valid certificate in all other major browsers. And a few different computers running Chrome had no issues. So what gives?

Through some Googling, I learned this:

This could be because the SSL provider is using a new Root certificate that isn't included in the old browsers and devices. The error can usually be fixed by installing an Intermediate certificate that will link the new Root certificate to an old trusted certificate. –Robert [SSL Certificate Not Trusted Error]

If your curious to learn more about intermediate certificates, GoDaddy has a decent explanation: What is an intermediate certificate?
How to Fix

You need to download a GoDaddy Secure Server Certificate (Intermediate Certificate): gd_intermediate.crt [GoDaddy Repository]

For Apache, you need to add the following to your configuration:

SSLCertificateChainFile /etc/certs/gd_intermediate.crt

For Nginx, there's a little more work to do the same thing. You need to concatenate your existing certificate file with the intermediate certificate to produce a new certificate file, which you will as your new certificate.

cat example.com.crt gd_intermediate.crt > example.com-combined.crt

Then in your nginx configuration file you can change

ssl_certificate      /etc/certs/example.com.crt;

to

ssl_certificate      /etc/certs/example.com-combined.crt;

Comments

  • richard

    by "existing file", do you mean (website+root), or do you mean (website)?
  • Jon

    If you are still having an issue with the security certificate, it is interesting to note, that if the PC you are using is not set to the correct time and date, it will see the security certificate as invalid. As you are not within the dates of expiration.