Forum.yunohost.org SSL errors

I noticed that some browsers are having trouble with this forum’s ssl. Below are the errors I encountered.

Lynx 2.8.8 pre.4 (04 Feb 2014)

SSL error:the certificate has no known issuer-Continue? (y)


Qupzilla 1.6.0

SSL Certificate Error!

The page you are trying to access has the following errors in the SSL certificate:

  • Organization:
  • Domain Name: forum.yunohost.org
  • Expiration Date: 18:09:23 Sunday 11, October 2015
  • Error: The issuer certificate of a locally looked up certificate could not be found
  • Error: The root CA certificate is not trusted for the purpose
  • Error: No certificates could be verified
Would you like to make an exception for this certifiate? (Yes) (No) (Only for this session)

Konqueror 4.13.3 and rekonq 2.4.2

The server failed the authenticity check (forum.yunohost.org).

The certificate authority’s certificate is invalid
The root certificate authority’s certificate is not trusted for the purpose
The certificate cannot be verified for internal reasons

(Details)
Address: forum.yunohost.org
IP address: 178.62.196.59
Encryption:
Details:
SSL version: TLSv1.2
Certificate chain: forum.yunohost.org

Subject
Common name: forum.yunohost.org
Organization:
Organizational unit:
Country: FR
State:
City:
Issuer
Common name: StartCom Class 1 Primary Intermediate Server CA
Organization: StartCom Ltd.
Organizational unit: secure Digital Certificate Signing
Country: IL
State:
City:

Trusted: NO, there were errors:
The certificate authority’s certificate is invalid
The root certificate authority’s certificate is not trusted for the purpose
The certificate cannot be verified for internal reasons
Validity perios: 2014-10-11 12:27 to 2015-10-11 18:09
Serial number: 1277541
MD5 digest: 16f6918c39fb76cafe61e565dd657887
SHA1 digest: bdd9b8f91c5d2e0db272229e4b2272fccbe9903e

Midori 0.4.3
Doesn’t throw an error, but considers the page “Not verified”.


Upon further inspection, Qualys SSL Labs reports:

[…]
This server’s certificate chain is incomplete. Grade capped to B.
[…]
Certificates provided: 1 (1634 bytes)
Chain issues: Incomplete
[…]

GeoCerts SSL Checker reports a similar situation.

Are you still getting this ? I’m seeing letsencrypt certificates.

The Qualys report indicates A+ https://www.ssllabs.com/ssltest/analyze.html?d=forum.yunohost.org&s=165.227.141.11&latest

Maybe the yunohost team upgraded/fixed the certificates since then. (Wow 2015! why did this message appear in my page). We can probably close this.

Personnaly i think it was ca-certificate was not installed on the machine with this browser (firefox and other “big browser” seems to includes ca certificate directly).