Check the certificate format
Confirm that your certificate is for NGINX in the x509 format.
If your certificates are being issued by InCommon, you will need to download two files labeled "X509 Certificate only" and "X509 Root/Intermediate (reverse)". The two files will need to be concatenated to produce the order listed below:
Nginx End-Entity - Site certificate (X509 Certificate only) Inter 2 - InCommonRSAServerCA_2 Inter 1 - USERTrustRSAAddTrustCA Trust - AddTrustExternalCARoot
Using a wildcard certificate?
Edit your site's HTTPS settings and click on the I need a cert tab. Do you see the Download CSR button? If not, then that means you did not use our CSR to request your wildcard certificate. Instead, you will need to obtain the KEY that goes with your CRT (contact your CA if you need help locating it).
Was the CSR modified after obtaining the CRT?
If you modified your site's CSR after obtaining your CRT file, you will need to obtain a new CRT using the modified CSR.
Are you using intermediate certificates?
If you have intermediate CA certificates, you can chain them into a single CRT, then upload that to LibApps. The certificate for your domain is located at the top of the CRT file, followed by one or more intermediate certificates. If your CA provides multiple intermediate certificates, they should tell you the proper order to include them inside the single "combined" certificate.
Important note for InCommon certificates
To use InCommon certificates, you must concatenate the domain-specific certificate with the intermediate and root certificates, in a specific order. To learn more, see our instructions for working with InCommon certificates.