Why certificate letsencrypt is considered unreliable?

Did according to instructions, but accidentally made the first paragraph .well-known , then added a single file and updated the certificates.
Popped up the message that everything is OK
f55ad12645ab44f2b889f81d72e68238.PNG
Rebooted nginx, trying to connect to the website and I see that the certificate has been updated(was advised yesterday the certificate expired on September 26,here 27), but is still considered unreliable...How to confirm?

An example nginx config
server {
 listen 192.168.47.64:80;
 server_name example.com www.example.com;
 # enforce https
 return 301 https://$server_name$request_uri;

 if ($scheme != "https") {
 return 301 https://$host$request_uri;
}
}
server {
 listen 192.168.47.64:443;
 server_name example.com www.example.com;
 ssl on;
 ssl_certificate /etc/certbot/live/example.com/fullchain.pem;
 ssl_certificate_key /etc/certbot/live/example.com/privkey.pem;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 location / {
 root /srv/www/example.com;
}
 include letsencrypt.conf;

 # if ($scheme != "https") {
 # return 301 https://$host$request_uri;
 # }
}


Error in browser
828a8ccd82354d889146245bfba0aa35.PNG

Information about the certificate
038e66e350bd400d8383abf4369f59c3.PNG
Don't know what she can give you

The test result is SSLSHopper
4757d45f53e840a894fe0d5575b30e34.PNG

Overlooked in the settings of the config line with the test server...the Problem is solved,thank you all!!
July 8th 19 at 11:13
4 answers
July 8th 19 at 11:15
Solution
why is it considered unreliable? what kind of error gives the web browser?
he says that is not confirmed by certificate.As if it is self-signed - sim_Schaden49 commented on July 8th 19 at 11:18
and information to the certificate that is written? what he signed? you can see a screenshot at least?
in Chrome: DevTools - tab Security and there is information about the certificate - Mackenzie.Rogahn71 commented on July 8th 19 at 11:21
: put - sim_Schaden49 commented on July 8th 19 at 11:24
: You have to sign you use a test server and not the main.
here it is written: https://community.letsencrypt.org/t/cn-fake-le-int...
the truth is there about the update in question, but the point is that you need the config to see what the server is for signing
here's the link
serverfault.com/questions/767723/letsencrypt-certi... - Mackenzie.Rogahn71 commented on July 8th 19 at 11:27
July 8th 19 at 11:17
Solution
but accidentally took the first point with .well-known

If you do not pass the screening process, then your certificate is not signed, and therefore trust him not.
will only reissue the certificate.
Re-released, the result is the same. - sim_Schaden49 commented on July 8th 19 at 11:20
: can't be, show me who signed the certificate - Mackenzie.Rogahn71 commented on July 8th 19 at 11:23
: apply the result of the check sslshopper and - sim_Schaden49 commented on July 8th 19 at 11:26
July 8th 19 at 11:19
The problem with the date, possible due to misalignment of time zones as an option. But unreliable may be due to a misconfiguration of the web server. The spring was the problem I have is Opera new.
If I am not mistaken, you have the option to revoke the certificate and create a new one. Or just create a new one.
problems with date no, there I pointed out that the certificate I picked up nginx-Ohm. - sim_Schaden49 commented on July 8th 19 at 11:22
Checked on the website https://www.ssllabs.com/ ,it indicated that it is not confirmed. - Mackenzie.Rogahn71 commented on July 8th 19 at 11:25
: Recreate the certificate. Via a review or just a new. I came up with? - sim_Schaden49 commented on July 8th 19 at 11:28
July 8th 19 at 11:21
https://community.letsencrypt.org/t/sec-error-unkn... read?
I had a similar problem but with iis https://community.letsencrypt.org/t/iis-8-5-buildi...
the problem was in non-compliance of chain of signatories and resolved replacement.
now I will look - sim_Schaden49 commented on July 8th 19 at 11:24

Find more questions by tags SUSENginxLinux