Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When configuring a site to use encryption on Aegir, it adds two lines in the vhost for the SSL certificate:
SSLCertificateFile /var/aegir/config/server_master/ssl.d/site.tld/openssl.crt
SSLCertificateKeyFile /var/aegir/config/server_master/ssl.d/site.tld/openssl.key
With this combo, Apache doesn't know what intermediate CA file to send with the certificate. This means that certificates don't verify cleanly.
If I'm not mistaken, the certificate files get their intermediate CA appended automatically, so the fix should be simple -- to add one line in each vhost that fetches the chain certificate from the same file as the cert itself:
SSLCertificateChainFile /var/aegir/config/server_master/ssl.d/site.tld/openssl.crt
Comments
Comment #1
helmo CreditAttribution: helmo at Initfour websolutions commentedSuch a line is already being included in http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php based on the ssl_chain_cert variable.
If you add a file called 'openssl_chain.crt' next to the other certificate files it should be picked up automatically.
Comment #3
helmo CreditAttribution: helmo at Initfour websolutions commentedComment #4
anarcat CreditAttribution: anarcat commentedwow, duh, okay, sorry for the noise. :)