SSLForFree | Let 's Encrypt 的最大贡献是它的 ACME | TLS library

I am trying to get my website up and I am having some problems when starting my XAMPP Apache server

I've got a certificate from sslforFree.com that it contains 3 files:

1-ca_bundle.crt

2-certificate.crt

3-private.key

I could config my Spring-Boot application with a self-signed certificate that was created by Java key tools, now my question is that how can I use these three files??

I expected that there should be just one file that I can put it into my Keystore, but now there are 3 files and I don't know how to use them.

On the other hand, I have android applications as a client. It needs to have a .pem file as a certificate that contains a public-key as below format(I mean just the value of the tags):

I want to create a HTTPS Ingress for my microservice infrastructe, on Google Kubernetes Engine, for my test environment. Basic HTTP Ingress works fine and now I want to create a secure one. I don't have a domain, I want my UI to make requests via https directly on the Ingress IP.

I've used Let's Encrypt (sslforfree website) to create a certificate for an IP that was accessible to me. But this ip i've used for the domain name in the certificate is not the IP on which the Ingress was created. Now all requests return 401 and I don't know why. First error the browser returns is the following:

I generated my SSL from SSLforFree/ZeroSSL, and according to the steps for installation listed on their website, https://zerossl.com/help/installation/nginx/

1. Downloaded the SSL Files
2. Moved them to the Server
3. Merged the certificate.crt & ca_bundle.crt with (cat certificate.crt ca_bundle.crt >> certificate.crt)
4. Added following lines in the hosts file of nginx:
   ssl on;
ssl_certificate /etc/ssl/certificate.crt;
ssl_certificate_key /etc/ssl/private.key;
5. Restarted Nginx Server with (sudo service nginx restart)
6. Error received, and checked the error details by (journalctl -xe)
7. Error was:
   nginx: [emerg] PEM_read_bio_X509_AUX
(SSL: error:0908F066:PEM routines:get_header_and_data:bad end line)

Bad(?) news "SSL For Free is joining ZeroSSL". Since their news I renewed my certificates and TLS stopped working. Used to work fine.

With new certificates I get error "You may need to install an Intermediate/chain certificate to link it to a trusted root certificate" from https://www.sslshopper.com/ssl-checker.html and this error "TLS Certificate is not trusted" from https://www.digicert.com/help.

Browsers are smart enough to mask the problem but my Android app uses an API and it stopped working.

Anyone else getting TLS problems since ZeroSSL got involved?

I'm using redbirdjs on nodejs which is awesome since its so simple (two domains, same server), but Zero provides no installation instructions for my setup. (My domains are small in traffic so using the fastest webservers etc. isn't an issue).

Zero took away the 2 domains in one cert option (gee thanks) so my updated script looks like:

I'm getting crazy with SSL certificates. After trying from lots of different providers I finally got one using SSL for free.

But there's one thing that I haven't understood yet.

Do I have to upload my certificate on my Domain provider (such as Register.it) or on my Host service (such as 000webhost or InfinityFree)?

The problem is that 000webhost offers a better service but not the possibility to upload an SSL certificate on a free plan, while InfinityFree (which offers a worse service) does.

I have the possibility to upload my certificate on the Domain provider (Register.it), but I can't understand if it works or it is overridden by InfinityFree one, and I have difficulties in trying switching from Host to Host because of the really slow DNS propagation.

Sorry if I made confusion, but it was to explain better my situation... My question remains one: Do I have to upload my certificate on my Domain provider or on my Host service?

In production my website uses a Let's Encrypt certificate, so that the user can see in the browser the valid certificate lock. If the user navigates to route example.com/dashboard, I would like the login using client side certificate (and not username/password).

I have generated on a server using openssl private & public key. The public key stays on server and the private key is sent to the client.

Using this tutorial, I have created in server.js