How to Fix Certificate Chain Incomplete Warning [Easy Fixes]

The “Incomplete SSL Certificate Chain” warning happens when a website’s SSL certificate isn’t properly chained to a trusted root certificate authority (CA).

SSL concepts sound very straightforward in that you deploy an SSL certificate to protect your website and visitors and encrypt their communication to avoid malicious actors’ intervention.

But most people don’t bother digging into the technical details. Instead, they leave SSL setup and troubleshooting to professionals—and who can blame them? That’s exactly the kind of hassle-free support Cloudways provides.

However, if you are going to fix it yourself, this blog will explain why warnings like “Incomplete SSL Certificate Chain” or “Certificate chain incomplete” occur and how you can quickly fix them.

What Is the SSL Chain of Trust?

The SSL Chain of Trust ensures that your website’s SSL certificate is legit. It’s like a VIP pass that says, “Yep, this site is trustworthy.”

Here’s how it works: when you buy an SSL certificate, you get a few things. One of them is your site’s certificate. Then, there’s an intermediate certificate from a trusted Certificate Authority (CA) like DigiCert or Comodo.

Now, browsers (like Chrome or Firefox) have a list of these trusted root certificates. When someone visits your site, their browser checks your SSL certificate. It follows the chain: first to the intermediate certificate, then to the root certificate, and finally confirms that your site is good to go.

But here’s the catch: if any part of that chain is missing or off, the browser gets suspicious. That’s when you’ll see security warnings saying the chain is broken or incomplete. So, this whole process is what makes SSL encryption secure.

Now, let’s talk about why this “incomplete SSL certificate chain” or “broken chain” happens in the first place.

Managed WordPress Hosting With Free SSL & Blazing Performance

Get free SSL for rock-solid security, plus our optimized Nginx + Apache hybrid stack, built-in caching (Varnish, Redis, Memcached), and SSD storage for lightning-fast load times.

Learn More

Why Does a Certificate Chain Incomplete Error Occur?

Incomplete SSL Certificate Chain” or “Broken SSL Chain” errors can pop up for a few reasons, and they’re usually tied to how your SSL certificate is set up. Let’s break it down:

Missing or Incorrect Intermediate Certificate

When you set up a custom SSL certificate, you need two things: your website’s SSL certificate and the intermediate certificate from the Certificate Authority (CA). Sometimes, you might also need the Private Key. If the intermediate certificate is missing, installed wrong, or the wrong one is uploaded, the SSL chain breaks. Browsers won’t trust your certificate, and you’ll see security warnings.

Expired or Revoked Intermediate Certificate

Intermediate certificates don’t last forever. If yours expires or gets revoked, it breaks the SSL chain. The result? Those same browser warnings you’re trying to avoid.

Server Certificate Not Signed by a Trusted Authority

For browsers to trust your SSL certificate, it needs to be signed by an intermediate certificate, which in turn should be signed by a trusted root certificate. This creates a complete chain of trust. If any part of this chain is missing or messed up, browsers won’t trust your certificate, and errors will show up.

Certificate Not in the Browser’s Trust List

If your SSL certificate isn’t from a trusted authority or the root certificate isn’t in the browser’s built-in trust list, the browser won’t be able to validate it. This leads to an incomplete chain error for anyone visiting your site.

Browsers rely on a complete and valid SSL chain to verify certificates. If anything disrupts that chain, users will see trust issues and security alerts—definitely not what you want!

How to Identify the Incomplete Certificate Chain Warning?

To identify if your website has an incomplete SSL certificate chain, you need to check for errors in your browser. If you’re not seeing any SSL warnings while browsing your site, then your visitors likely aren’t seeing them either. However, it’s still important to double-check to make sure your website isn’t vulnerable.

Here’s how different SSL checking tools show if there’s a problem:

Qualys SSL Labs

This is how Qualys SSL Labs warns you when the SSL certificate chain is broken.

SSL Shopper

That’s how SSL Shopper warns when the SSL certificate chain is broken.

Why No Padlock

That’s how Why No Padlock warns when the SSL certificate chain is broken.

Comodo SSL Store

And that is how Comodo SSL Store warns when the SSL certificate chain is broken.

Install SSL Without Chain Issues Using Cloudways’ Free SSL

One of the easiest ways to avoid SSL chain issues is to use a hosting provider that offers a fully managed SSL setup. Cloudways provides free Let’s Encrypt SSL certificates with 1-click installation, ensuring your site is secure from the start—without manual configuration or missing certificate errors.

With Cloudways, SSL certificates are automatically renewed, eliminating the risk of expiration-related warnings. Plus, Cloudways’ optimized stack ensures that SSL installation works seamlessly with its built-in security measures, so you don’t have to troubleshoot chain issues later.

If you’re hosting on Cloudways, this streamlined method ensures your SSL setup is both reliable and hassle-free.

Get Free SSL on Cloudways & Secure Your Site Instantly

Stop losing visitors to security warnings! Cloudways’ managed hosting comes with free Let’s Encrypt SSL, ensuring your site stays fast, secure, and fully trusted.

Learn More

How to Fix the Incomplete Certificate Chain Warning?

First off, if you’re unsure, the easiest fix is to reach out to your hosting provider.

They can help you obtain the missing intermediate certificate and add it to your setup. If you’re a Cloudways customer, you can contact us at any time, and our support team will be more than happy to help you resolve this issue quickly.

If you want to handle it yourself, there’s a tool called What’s My Chain Cert?.

You just paste the content of your SSL certificate into the tool, hit “Generate Chain,” and download the correct intermediate certificate or CA Bundle.

Now, log into your hosting control panel like cPanel, Plesk, or a custom dashboard.

Look for the SSL/TLS section and find your installed SSL certificate.

There’s usually a place to paste the new Intermediate certificate in the “CA Bundle” field.

If you’re using cPanel, some plugins like Really Simple SSL can help simplify SSL configuration. However, it won’t automatically fix missing intermediate certificates unless your hosting provider supports API-based installations.

If automatic installation doesn’t work, you can install the certificate manually:

1. Open cPanel and go to the SSL/TLS section.
2. Select Manage SSL Sites (or the equivalent option in your panel).
3. Paste the CRT, KEY, and CABUNDLE fields.
4. Click Install Certificate.

After that, your site will be secured by an SSL certificate.

To verify everything is working correctly, run a quick test on Qualys SSL Labs SSL Test or check the Security tab in your browser’s Developer Tools (F12 in Chrome).

Easy fix, right?

How to Fix the Incomplete Certificate Chain Warning With Cloudways?

To fix this issue, you must modify/add an active intermediate certificate. If you are a Cloudways client, it is just a matter of copying and pasting instead of running several commands on your server.

Step #1: Check if You Have the Intermediate Certificate

First, you need to identify if you possess your intermediate certificate or not.

When you purchase an SSL certificate, your SSL vendor provides two key files:

• Your application certificate (.crt/.cer file)
• The intermediate certificate (.ca/.ca-bundle file)

If you already have both files, move on to Step #2. If you’re missing the intermediate certificate, you can generate one using What’s My Chain Cert?, as explained earlier.

Step #2: Install the SSL Certificate on Cloudways

Now, log in to the Cloudways Platform. Once logged in, navigate to the Servers tab from the top menu bar and choose the target server on which your desired application/website is deployed.

Next, click www, located at the right-hand side of the server box. Select your target application from the drop-down list.

In the Application Management menu, select an SSL Certificate.

Step #3: Install or Reinstall the Certificate

At this stage, you’ll see either the “Install Certificate” or “Re-Install SSL” option. Follow the steps based on what appears on your screen.

I See the “Install Certificate” Option

Click Install Certificate.

A dialog box will prompt you to enter:

• Certificate Code: The content of your .crt/.cer file.
• CA Chain: The intermediate certificate (.ca/.ca-bundle file).

Paste the required details and hit Submit to deploy the certificate.

Once installed, your SSL certificate and its chain should be active in a few minutes.

I See the “Re-Install SSL” Option

Click Re-Install Certificate.

Enter the required details:

• CRT content: The application SSL certificate (.crt/.cer file).
• CA Chain: The intermediate certificate (.ca/.ca-bundle file). If needed, concatenate the .crt and .ca files using a text editor (Notepad/TextEdit).
• Private Key (.KEY file): The private key is generated during the SSL request process.

Please note that these file formats and standards can vary, considering there are many SSL certificate providers with many different formats and standards. Still, if you need any help, you can always contact us via Live Chat or create a support ticket.

Finally, paste all the necessary details and click SUBMIT to deploy the certificate with the correct chain.

Important: HTTPS Redirection Considerations

If you’re using a Web Application Firewall (WAF) like Cloudflare or Sucuri or have already enabled HTTPS redirection via an application plugin or .htaccess, do not enable redirection from the Cloudways Platform to avoid redirection loops.

If needed, you can force HTTPS redirection later through the platform.

Final Step: Verify the SSL Installation

To confirm your SSL certificate and intermediate chain are installed correctly:

• Use Qualys SSL Labs SSL Test to check your certificate chain.
• Open your website in Chrome, press F12, go to the Security tab, and verify the certificate details.

Your site is now secured with a complete SSL certificate chain!

Wrapping Up!

I hope this guide helped you fix the incomplete certificate chain warning. In this guide, we first covered the general approach—checking for the missing intermediate certificate, generating one if needed using What’s My Chain Cert, and manually installing it via cPanel, Plesk, or a custom hosting dashboard.

Then, we walked through the Cloudways method, which simplifies the process by letting you install or re-install the certificate directly through the platform.

If you still run into any issues, your hosting provider should be able to help. If you’re a Cloudways user, you can always reach out to our support for quick assistance.