Which one should be used? chain.pem or fullchain.pem?
fullchain.pem = cert.pem + chain.pem
You typically use chain.pem (or the first certificate in it) when you're asked for a CA bundle or CA certificate.
You typically use fullchain.pem when you're asked for the entire certificate chain in a single file. For example, this is the case for modern versions of Apache and nginx.
Also adding to @griffin reply the fullchain.pem DOES NOT include a CA's Root Certificates.
No cert should ever include the signing root certificate.
Any program that requires one, was poorly written.
Hear hear.