Hello,
I have generated the certificate for my domain using the following command: `sudo certbot certonly --manual --preferred-challenges http -d mydomain.co.uk,www.mydomain.co.uk`
Now, I have noticed that the chain.pem and fullchain.pem files are identical, and I noticed this because I receive an error when I try to upload the certificates in AWS (Amazon Web Services) Certificate Manager.
Please show the directory listing the two files.
[I'm pretty sure they aren't equal and their sizes should make this apparent] `ls -l /etc/letsencrypt/mydomain.co.uk/`
So, the ls command returns different file sizes:
`lrwx--x--x+ 1 root wheel 40 10 May 11:04 chain.pem -> ../../archive/mydomain.co.uk/chain1.pem`
`lrwx--x--x+ 1 root wheel 44 10 May 11:04 fullchain.pem -> ../../archive/mydomain.co.uk/fullchain1.pem`
However, if I `cat chain.pem` and `cat fullchain.pem` and paste both in a text editor, they are exactly the same.
To confirm this, I have run: `git diff /private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem /private/etc/letsencrypt/live/mydomain.co.uk/chain.pem`
and this is the result:
`diff --git a/private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem b/private/etc/letsencrypt/live/mydomain.co.uk/chain.pem
index 41a561a..f64a40f 120000
@@ -1 +1 @@
-../../archive/mydomain.co.uk/fullchain1.pem
\ No newline at end of file
+../../archive/mydomain.co.uk/chain1.pem
\ No newline at end of file`
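Review bot: the index line carries mode 120000 and the only changed lines in the hunk are the two relative paths, so this compares the symlinks themselves (their targets, fullchain1.pem versus chain1.pem), not the PEM data behind them. To compare the certificates, run the comparison on the files under archive/mydomain.co.uk/ or use a tool that follows symlinks.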
Their content is the same.
I solved my issue by using the help of this website: https://whatsmychaincert.com/
and by pasting the certificate I was able to generate a chain (from which I just had to remove the leaf certificate part at the beginning and leave only the intermediate part at the end).
No errors from Amazon after doing this, and the certificate is running on my domain correctly.
I just don't understand why I wasn't able to use the certificates created by certbot. I guess the chain.pem includes some extras (and it looks the same as the fullchain.pem)
OK, then also, what about:
`ls -l /private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem`
`ls -l /private/etc/letsencrypt/live/mydomain.co.uk/chain.pem`
git diff analyzes the two files you listed for their uncommitted changes.
diff would analyze the two files you listed for differences between each other.
diff -git is an artifact on the command line from when you invoke git diff. Under the hood it does some magic that is not worth getting into.
fullchain.pem contains chain.pem, so that may have been confusing to you as well. As @Osiris pointed out, the file sizes are not identical and therefore their contents cannot be the same.
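Added example, not part of any post above: a Python check (standard library only) that splits two PEM bundles into their certificate blocks and confirms that fullchain.pem is the leaf followed by exactly the blocks in chain.pem, which also yields the leaf and the intermediates as separate pieces. The function names and the certificate payloads are constructed for illustration; the payloads are placeholder bytes, not real X.509 certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Return the decoded bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(text)]

def to_pem(der):
    """Encode bytes as one PEM CERTIFICATE block with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def split_fullchain(fullchain_text, chain_text):
    """Return (leaf, intermediates) if fullchain is the leaf followed by
    exactly the blocks of chain; raise ValueError otherwise."""
    full = pem_blocks(fullchain_text)
    chain = pem_blocks(chain_text)
    if not chain or len(full) != len(chain) + 1 or full[1:] != chain:
        raise ValueError(
            f"fullchain has {len(full)} block(s), chain has {len(chain)}: "
            "expected fullchain = leaf + chain")
    return full[0], full[1:]

# Constructed placeholder payloads, not real X.509 certificates.
LEAF_DER = b"constructed leaf certificate for mydomain.co.uk " * 3
INTERMEDIATE_DER = b"constructed intermediate CA certificate " * 3
CHAIN_PEM = to_pem(INTERMEDIATE_DER)
FULLCHAIN_PEM = to_pem(LEAF_DER) + to_pem(INTERMEDIATE_DER)

if __name__ == "__main__":
    leaf, intermediates = split_fullchain(FULLCHAIN_PEM, CHAIN_PEM)
    print("leaf bytes:", len(leaf), "| intermediates:", len(intermediates))
    try:
        # The situation the first post believed it was in: two identical files.
        split_fullchain(CHAIN_PEM, CHAIN_PEM)
    except ValueError as err:
        print("rejected:", err)
```

For real files, pass the text returned by `open(path).read()` for each path; `open` follows the symlinks in the live directory and reads the PEM data rather than the link.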