Recently, I came across this weird error while I tried Gtmetrix speed checkup on my website which was hosted on AWS EC2 instance. Installing an SSL on EC2 is not as easy as CPanel. I got a free SSL from sslforfree and installed the Certificate on AWS. I was using google chrome and the SSL was working fine but when I tried GTmetrix speed test, it threw an error saying that “An error occurred fetching the page: HTTPS error: certificate verify failed”. Upon checking my SSL certificate on sslshopper, I came to know that my SSL certificate is not valid on all the web browsers, so I wanted to fix it. The exact message that sslshopper showed was
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
What is SSL Intermediate/Chain Certificate Error?
The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:
- The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don’t provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
- The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
- The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.
Source: SSL Shopper
How to Fix SSL Intermediate/Chain Certificate Error?
Step 1: Go to the file where your certificate is located. In AWS EC2, the path will be /opt/bitnami/apache2/conf/. On CPanel, search for SSL/TLS on your CPanel Dashboard. ( I don’t know if this error occurs on websites hosted on CPanel, if it does, try this method to fix it)
Step 2: Now, open the CA Bundle which was provided by your SSL provider when you registered. CA bundle is also a certificate that looks like the main SSL Cerficiate. If you don’t have the CA bundle now, you need to generate a new SSL certificate and note it.
Step 3: Copy the content of CA Bundle and append it after your original certificate. For example, your main SSL certificate is
You need to paste the CA bundle content after the –End Certificate– line.
Note: If you had lost the previous CA bundle and generate a new certificate now, first make sure the ssl certificate is updated on your server first and then append the CA bundle.
Step 4: Save the file and restart the server. Incase of AWS, restart apache using sudo /opt/bitnami/ctlscript.sh restart apache. In CPanel, I don’t think you need to reset the server.
That’s all, now check your SSL on SSl Shopper. I hope this method works. Leave a comment if it worked for you.
I don’t know much about the technical aspects of this error, the above method may not be the best one but it solved my issue and hence I thought I should share.