A question about chain.pem

wizozi · May 11, 2018, 8:35pm

Since I am a newbie, I don’t know if what I am going to ask is a stupid question.

My question is: where should I put the line of code below?
ssl_trusted_certificate /etc/letsencrypt/live/yourdomain/chain.pem;

Should it be in the /etc/letsencrypt/options-ssl-nginx.conf; or should I let it in the virtual host file?

danb35 · May 11, 2018, 8:39pm

If you’re using nginx, you shouldn’t need to use chain.pem at all. You’d use fullchain.pem as the certificate file.

rg305 · May 11, 2018, 8:51pm

what version of nginx?
nginx -v

wizozi · May 11, 2018, 9:06pm

@rg305 I am using nginx 1.10.3

rg305 · May 11, 2018, 9:07pm

OK then I’m in agreement with @danb35

wizozi · May 11, 2018, 9:09pm

@rg305 what about
ssl_stapling on;
ssl_stapling_verify on;

rg305 · May 11, 2018, 9:28pm

If you are using OCSP, then yes, those commands should work.

mnordhoff · May 11, 2018, 9:49pm

It would be best to put it next to ssl_certificate and ssl_certificate_key. It keeps life simple, and different certificates can potentially have different chains (though they typically won't).

system · June 10, 2018, 9:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.