StartSSL SSL certificate showing up as net::ERR_CERT_AUTHORITY_INVALID in browser

I’ve “purchased” a 3 year StartSSL free Class 1 DV certificate for my development domain, and installed it on NGINX as per their instructions.

I notice that the nginx certificate they provide contains the DV certificate, with my 10 domain aliases added to it, and also the intermediate certificate, which they say should be valid according to the browser (I’ve tried it on Chrome and Firefox with similar results).

  • Docker-compose scale up Jetty with NGINX at runtime
  • Command line arguments to Docker CMD
  • Where store an API Token for Jenkins used in Dockerfile
  • Docker ignores ENTRYPOINT
  • Docker ps and other subcommands all hang forever on CentOS 7.2
  • Chaining Docker Images and execute in order
  • The certificate is appearing as invalid:

    However nearly every SSL validation tool is showing it as a complete chain, no problems at all, with the exception of one tool:

    which shows a missing ‘root’ certificate. However adding that root certificate doesn’t help, and in fact SSL checker (listed above) will then show root as present, but then list another missing certificate instead. Downloading and installing these certificates just makes that chain keep growing to no avail.

    I’ve become quite stuck now! Am I missing something obvious or is this just a bad certificate?

    nginx configuration looks like:

    upstream cc574309c4214a6c01eb8d3dbe9f701eee9daf3d {
                ## Can be connect with "bridge" network
                # sample-1.antony-cert-test.11b35827
                ## Can be connect with "dockercloud" network
                # sample-1.antony-cert-test.11b35827
    server {
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
    server {
        listen 443 ssl http2 ;
        listen [::]:443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/;
        ssl_certificate_key /etc/nginx/certs/;
        add_header Strict-Transport-Security "max-age=31536000";
        location / {
            proxy_pass http://cc574309c4214a6c01eb8d3dbe9f701eee9daf3d;

  • Want to ssh into a running docker container running inside CentOs Image
  • Run Omnet++ inside docker with x11 forwarding on windows. SSH not working
  • is it possible to make a docker image from a debian image
  • Docker local repository deletion does not free space
  • Pass docker-compose environment to symfony configuration
  • Start Docker container using systemd socket activation?
  • 2 Solutions collect form web for “StartSSL SSL certificate showing up as net::ERR_CERT_AUTHORITY_INVALID in browser”

    Thanks to my friend Geoff, and @tkausl for the rapid answers – StartSSL is no longer considered a reputable provider:

    and the link in @tkausl’s response, which oddly didn’t come up in any of my searches.

    I guess I’ll be paying for a certificate then!

    Distrusting New WoSign and StartCom Certificates

    Check letsencrypt, it should satisfy your needs.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.