Can't setup SSL Certificate - Certificate is missing?

yuletide · January 12, 2020, 10:42am

Hello
I have generated a SSL certificate with Certbot for my xmpp server with the following addresses xmpp.myserver.com, myserver.com. After that I manually import my keys in the admin console.
In this case the privkey.pem and cert.pem and enter it in it’s correct box in Openfire Identity Certificate Store.

However when I do that it gives the error:

"A certificate for the domain of this server is missing. Click here to generate a self-signed certificate or here to import a signed certificate and its private key.

I don’t understand what is missing as the keys should be correct.

Forgot to mention OpenFire is running on Debian based distro.

akrherz · January 13, 2020, 3:12pm

I think with letsencypt, you need to include the intermediate certificate along with your cert.pem when you update it via the admin console.

sashalav · April 27, 2020, 1:49pm

I did click on “Click here to generate a self-signed certificate” even I already had a cert. That did create CSR and display it. I saved it as a file and used it with
“certbot --csr” to get Letsencrypt cert.

I had to create bunch of new DNS records for this to work - those depend on features you have enabled within openfire and they will become clear once CSR is created.

ScottishFreedom · April 27, 2020, 4:55pm

Hey, the details at following thread at StackOverFlow might help - Openfire: how to add and auto-renew a letsencrypt certificate https://stackoverflow.com/questions/58544381/openfire-how-to-add-and-autorenew-a-letsencrypt-certificate/61418810#61418810

russrao · December 29, 2023, 7:13am

Hello, can you be more specific about what intermediate certificate?

guus · January 11, 2024, 3:16pm

The fullchain PEM file should contain all certificates (including the intermediates) that you need.