I've generated an SSL cert for my domain (moteck.com.au) using certbot and installed it on my shared host (using the certificate, private key and CA bundle, with the last being the contents of fullchain.pem). The web site is running WordPress, which I've configured to use https URLs. The site is served over HTTPS and Chrome reports the certificate as being valid. Several 3rd-party SSL checkers also report the site/cert as being valid.
Why does Site Health in WordPress (Tools/Site Health) persistently report a critical issue?
Your WordPress Address is set up to use HTTPS, but the SSL certificate appears to be invalid.
https://www.sslshopper.com/ssl-checker.html reports the following:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
Should I add the fullchain.pem certs into WordPress somehow (i.e. by updating the CA root certificate)?
My WP install is brand new and my certs are issued by R3, Let's Encrypt, US -- surely Let's Encrypt's intermediates are known/trusted by WP??? I have another site on this environment using a free cert provided by the web host (also issued by R3, Let's Encrypt, US) and WP is happy as Larry about it.
Seems like maybe the chain (intermediate, etc.) may be missing.
This site can help you identify your chain and correct the issue.
Apparently the WordPress SSL validation check has known issues: https://core.trac.wordpress.org/ticket/52783
This doesn't explain the chain issue.
With no further insight into the cause of this problem or how to rectify it, our web host generated a new cert on our behalf and the problem has disappeared.