A question about chain.pem

Since I am a newbie, I don’t know if what I am going to ask is a stupid question.

My question is: where should I put the line of code below?
ssl_trusted_certificate /etc/letsencrypt/live/yourdomain/chain.pem;

Should it be in the /etc/letsencrypt/options-ssl-nginx.conf; or should I let it in the virtual host file?

If you’re using nginx, you shouldn’t need to use chain.pem at all. You’d use fullchain.pem as the certificate file.

what version of nginx?
nginx -v

@rg305 I am using nginx 1.10.3

OK then I’m in agreement with @danb35

@rg305 what about
ssl_stapling on;
ssl_stapling_verify on;

If you are using OCSP, then yes, those commands should work.

It would be best to put it next to ssl_certificate and ssl_certificate_key. It keeps life simple, and different certificates can potentially have different chains (though they typically won't).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.