Searx (based on Nginx) "Let's Encrypt" SSL certificate is not valid for Safari (iPhone and MacOS), it is valid for the rest of the world

nginx ssl-certificate lets-encrypt

Solution 1:

Your problem stems from the fact that your web server is not sending any chain certificates with your leaf certificate. This is what the SSL Labs test is trying to tell you when it says, "This server's certificate chain is incomplete".

Browsers and other clients have to guess how to verify the certificate you're sending and some are more capable/lenient than others at doing this. Safari is not. This only started happening recently due to a recent Root CA certificate expiration.

In your nginx config, you likely have a line such as:

ssl_certificate  /etc/letsencrypt/live/ricercaalternativa.mydissent.net/cert.pem;

If so, change cert.pem to fullchain.pem and restart nginx. Then re-check via SSL Labs and see what it says about your chain.

Related

programmatic access to "ip route show"
TC hashing filters - single rule deletion
Are there any good intranet search engines?
Connecting a displayport monitor to my Mac Mini (late 2012) using the Thunderbolt port what is the max resolution?
How to create an email group easily in Mac OS X?
How to connect to FTP from Finder with '@' in the credentials?
How do I re-add a card that I swiped away from Google Now?
How can I modify a DVD image (ISO) and then burn a new DVD?
Unable to format pendrive, diskutil error
Can't restore to backups after removing disk in Time Machine
How do I move a window vertically above the menu bar?
What are the compression/resolution/bandwidth limitations of Airplay mirroring?