One of the most common causes of undetected certificate errors are certificate chain errors. However, they are easy to fix. Here’s how.
A story how a certificate error (or certificate chain error) lead into a dip of mobile traffic and how we solved it.
One day I received a call from a customer about a strange dip in their mobile visitor statistics. She couldn’t understand why this happened. I logged into their Piwik instance and started the investigation, where I found the dramatic drop of mobile users to the website. All other traffic was the same no problems there, only a handful of mobile users were registered.
Investigate the why
I opened the website on my mobile phone, nothing showed up… Nothing!? This was strange. I used a different browser (chrome mobile) there was the error:
Now we know that the dip was probably caused by this message. It should stop anyone from browsing any further on such site.
Let’s proceed to the next step: investigate what caused this warning message. A real good starting point for these kind of issues is the free service SSL Labs (from the company named qualys). Using this service you are able to detect the most common errors / best practices. In my case the service pointed me to an extra download in the Certification Path.
Prepare the complete chain
Now that we know what caused the error, we were able to solve it promptly. We quickly navigated to the site, where we downloaded the certificate using our desktop browser.
Using this saved file we can go to yet another free service called certificatechain.io.
We uploaded the file, the service in its turn gathers all the necessary intermediate and root certificates, puts it in the correct order and presents it as a download or a copy option. We provided this resulting file to the administrator team of the company, they took care of the rest.
Shortly after this, the mobile visitors appeared on the Piwik dashboard again, resulting in a happy customer!