well, this is embarrassing. I hadn't revisited my Apache configuration for years, and it turns out I had old SSLCertificateChainFile directives in my configs pointing to an obsolete cert. I was thinking that directive had to do with client certs.

Well, anyway, I pointed that to my letsencrypt cert fullchain.pem, and now all my websites check out at DigiCert.

Back to blog or home page

last updated 2020-04-14 18:42:55. served from tektonic.jcomeau.com