Certificate cannot be authenticated with given CA certificates

Because the root certificate of the free startssl is not being trusted anymore by some browsers, i got myself a cheap comodo certificate for my seafile server, however sinds i installed this certificate yesterday. website works fine, but (windows) seafile client doesn’t.

When i disable “verify server certificate” in the client.
Seafile starts syncing again, so the client doesn’t seem to be happy about my comodo certificate, but hey i can’t affort a 130 dollar certificate for my freebee family & foundation users

Anybody any idea how can solve this on the server side FOR ALL my clients.

Anybody any idea WHY my comodo certificate is not accepted as a good solution by my clients?

Kind Regards

Here you can get a free valid certificate: Let’s Encrypt

I also think Let’s Encrypt solution is a good one.
We are now using it with no problems with the seafile server on an ubuntu 14 under apache.
Take a look here https://letsencrypt.org/getting-started/
As they say, you will need to automate the process through certbot
There are other solutions for the automation but this is well documented and looks quite stable

Hi Gerard,

may I ask a single stupid question? EDIT: Okay, two!

Where is your server located and from where do you try to connect your client?

We had the situation, that a self hosted seafile server which was running on the clients site worked fine for everybody using it from remote locations using the url https://seafile.client.domain but not for the customer.
When I looked at the client configuration it was pretty clear. They entered the IP address of the server like https://192.168.x.x because they knew the local network address - which is why the certificate did not work, since it is bound to a domain name.

Also I had a situation where Windows kept information about the old certificate.
Uninstalling and reinstalling seafile client did the trick in that case.

Hope to be of help.

Here’s the solution guys ( and dolls)

I forgot to install the intermediate certificates.
Here’s how to do this in linux if your provider does not provide a proper bundle file:

Doing so solved the problem

Please note this topic solved.

Kind Regards