GitLab

ISPC 3.1.3

Currently we had multiple customers on Mac OS (latest: Mac OS Sierra Vers. 10.12.4.- Safari Vers. 10.1.) that cannot connect to Let's Encrypt protected Domains. A little search reveals it is an known issue of lets encrypt and - apparently - an simple fix for it. Simply the use of the LE given fullchain.pem instead of the chain.pem.

A) seems to fix the problem in every case. b) seems not to interfere with other Users (OS/Browser)

Solution was as follows:

1. create in symlink to the fullchain-pem in the clients-ssl folder: /var/www/clients/clientX/webY/ssl/domain.example.com.pem -> /etc/letsencrypt/live/domain.example.com/fullchain.pem
2. Inserting the new link as directive over the Interface overwriting in fact the default cert-Declaration.

Unfortunately the symlinks in the clients subfolder are not offering an link to the fullchain by default.

In fact the usage of chain.pem is nothring wrong, but faced with compatibility issue it seems maybe an good solution to add an option for that in an by page level.