Difference between fullchain.pem and cert.pem

I have installed 'Lets Encrypt' in my nginx system.

After requesting for SSL certificate, 'Lets Encrypt' creates 2 files, fullchain.pem and cert.pem. Which one should I use for ssl_certificate directive?

Let's Encrypt recommends fullchain.pem. Can I use cert.pem instead of that?

What is the difference?


1 Like

Hi @cubefun,

fullchain.pem is the combination of cert.pem (your "end-entity certificate") with chain.pem (your "(recommended) intermediate certificate chain"), in a single file.

These alternatives exist because different software prefers having these either together or separated, so having the alternatives makes it easier to configure different TLS server software.

In nginx you should currently be able to use fullchain.pem, and it should understand the nature and role of the various certificates in that file automatically.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.