The server is not sending the required intermediate certificate

0

I have an Amazon issued certificate in ACM that is being used on an application load balancer. Both the certificate and load balancer are in the same region, and the certificate shows as valid in Firefox and Chrome on my machine. Other users have reported that the certificate is invalid. When I check it at www.digicert.com/help/, it shows an error with the first certificate in the chain: "The server is not sending the required intermediate certificate". Does anyone know why this is happening?

1 Answer
1

I believe the error is not caused by a missing intermediate certificate, but because DigiCert's tool logic performs checks thinking that ACM certificates are DigiCert certificates. Even though DigiCert is a vendor in the AWS process that performs some hosting, DigiCert is not the Certificate Authority for ACM certificates. Because of this hosting relationship, the DigiCert systems powering their tool think that ACM-issued certificates are DigiCert certificates and therefore require the DigiCert intermediate certificate.

To summarize, the error on the DigiCert site is because DigiCert is comparing the intermediate certificate to their intermediate certificate, and it doesn't match because the above certificate is an Amazon-issued certificate and not a DigiCert-issued certificate. So there is nothing to worry about there. It is just that some certificate checkers will require some intermediate certificates which are not necessary.

Please check with another third-party SSL checker such as https://www.sslshopper.com/ssl-checker.html?hostname=web.hotline.io, and verify whether the certificate has all the necessary chains.

AWS
SUPPORT ENGINEER
answered 2 years ago
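
A way to check locally which certificates the load balancer actually sends, without relying on any one third-party checker (an added example, not part of the original answer). The hostname and CA names in the sample output are constructed placeholders, and the issuer/subject comparison is a textual heuristic, not signature verification.

```python
import re

# Constructed samples of the "Certificate chain" section printed by
#   openssl s_client -connect HOST:443 -servername HOST </dev/null
# The names are placeholders, not the real ACM chain.
COMPLETE = """\
Certificate chain
 0 s:CN = app.example.test
   i:C = US, O = Example Trust, CN = Example Issuing CA 1
 1 s:C = US, O = Example Trust, CN = Example Issuing CA 1
   i:C = US, O = Example Trust, CN = Example Root CA
---
"""
LEAF_ONLY = """\
Certificate chain
 0 s:CN = app.example.test
   i:C = US, O = Example Trust, CN = Example Issuing CA 1
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+s:(.*)", line)   # " 0 s:<subject DN>"
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s+i:(.*)", line)         # "   i:<issuer DN>"
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def check_chain(text):
    """Classify what the server sent:
    'no-certificates', 'leaf-only', 'broken-link' or 'linked'."""
    chain = parse_chain(text)
    if not chain:
        return "no-certificates"
    if len(chain) == 1:
        return "leaf-only"      # no intermediate was sent by the server
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "broken-link"
    return "linked"
```

A result of `leaf-only` or `broken-link` for the real endpoint means clients must find the intermediate on their own; `linked` means the chain is being sent in order.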
