A question about chain.pem


#1

Since I am a newbie, I don’t know if what I am going to ask is a stupid question.

My question is: where should I put the line of code below?
ssl_trusted_certificate /etc/letsencrypt/live/yourdomain/chain.pem;

Should it be in the /etc/letsencrypt/options-ssl-nginx.conf; or should I let it in the virtual host file?


#2

If you’re using nginx, you shouldn’t need to use chain.pem at all. You’d use fullchain.pem as the certificate file.


#3

what version of nginx?
nginx -v


#4

@rg305 I am using nginx 1.10.3


#5

OK then I’m in agreement with @danb35


#6

@rg305 what about
ssl_stapling on;
ssl_stapling_verify on;


#7

If you are using OCSP, then yes, those commands should work.


#8

It would be best to put it next to ssl_certificate and ssl_certificate_key. It keeps life simple, and different certificates can potentially have different chains (though they typically won’t).


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.