Incomplete certificate chain

The server is not presenting one or more required intermediate certificates. Clients that cannot build the path to a trusted root fail or produce degraded trust results.

What this usually means

• Leaf onlyThe server sends the end-entity certificate without the issuer intermediate.
• Wrong chain fileThe deployment uses a certificate file that excludes the CA bundle or uses the wrong bundle.

Fix path

• NginxUse the leaf certificate followed by the required intermediates in `ssl_certificate`.
• ApacheDeploy a full chain file or the CA bundle expected by your Apache version and SSL module configuration.
• IISImport missing intermediates into the Intermediate Certification Authorities store and confirm the bound certificate chains correctly.
• AWS ALB / ACMRe-import or re-request the certificate with the correct chain if you are not using ACM-managed issuance.

Verify after change

• Re-run TLS AdvisorThe presented chain should now include the missing issuer certificates in the correct order.
• Check trust stateThe authorization error should disappear for normal public chains.