nginx ssl config for cert.pem and chain.pem

Question

The certbot docs say this for cert.pem and chain.pem:

If you provide one of these files to your web server, you must provide both of them, or some browsers will show “This Connection is Untrusted” errors for your site, some of the time.

This is the typical nginx config:

ssl_certificate         /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

???                     /etc/letsencrypt/live/example.com/cert.pem;

Where do I set cert.pem?

`fullchain.pem` includes the content of `cert.pem`. You only need the first two lines with Nginx. The separate cert file is only required for other web servers. — Richard Smith, Oct 11 '19 at 10:53
@RichardSmith That's what I thought, but that warning is pretty scary... — lonix, Oct 11 '19 at 11:03

score 1 · Accepted Answer · answered Jul 12 '22 at 06:59

1

fullchain.pem includes the content of cert.pem. You only need the first two lines with Nginx. The separate cert file is only required for other web servers.

answered Jul 12 '22 at 06:59

Richard Smith

12,834
2
21
29

nginx ssl config for cert.pem and chain.pem

1 Answers1