How to use the Comodo certificate in Web2py?

When using web2py, it asks a single ssl certificate file.

But what I got from Comodo are two files, one .crt file and one .ca-bundle file.

I tried with using only provide the .crt file when setting up web2py, in the beginning it works. But when I go to my website another day, it shows "This certificate cannot be verified up to a trusted certification authority."

My suspicion is that this is related to the case of not using the .ca-bundle file. So anyone knows how to use both files in web2py settings?

Solution

Finally got it working!

It turns out to be the Web2py 'One step production deployment' script is not complete. It leaves out the 'SSLCertificateChainFile' option when it configures the Apache server.

So by adding this line:

SSLCertificateChainFile = path_to_your_ca-bundle_file

Below the line 'SSLCertificateKeyFile /etc/apache2/ssl/self_signed.key' will do the work.

openssl how to check server name indication (SNI)
How to I deploy nextjs application in a production environment, using ssl?
How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
Is there a way to get the OpenSSL X509 certificate name that im sending to peer in C++?
pip always fails ssl verification
Trust Anchor not found for Android SSL Connection
How to add self-signed generated certificate to trusted certificates from inside a Java keystore?
How to force Laravel Project to use HTTPS for all routes?
Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
Python SSL default context not including TLS 1.1 or SSL 2 ciphers
How do I switch Docker containers with .NET Blazor applications from HTTP to HTTPS?
Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
How to simulate non-SNI browsers (without SNI support)?
How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error
cURL with SSL certificates fails: error 58 unable to set private key file
Specifying Arduino WiFiClientSecure Certificates
maxscale cannot find gtid_binlog_pos
FreeSWITCH TLS error in 'Client Hello' Request
ASP.NET Core Development Certificates - error exporting the HTTPS developer certificate
Get certificate's public key in the PKCS8 format
Why is Firefox not trusting my self-signed certificate?
Difference between pem, crt, key files
Is it a good idea to distribute docker image containing my selfsigned certificate?
PKIX path building failed: unable to find valid certification path to requested target on chaincode commit on Hyperledger Fabric production network
enable https jenkin server on ubuntu 24.04
OkHTTP (v3.0.0-RC1) Post Request with Parameters
SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++
Convert .pem to .crt and .key
How can I decode a SSL certificate using python?