I have generated the certificate for my domain using the following command:
sudo certbot certonly --manual --preferred-challenges http -d mydomain.co.uk,www.mydomain.co.uk
Now, I have noticed that the chain.pem and fullchain.pem files are identical, and I noticed this because I receive an error when I try to upload the certificates in AWS (Amazon Web Services) Certificate Manager.
Any idea why this is happening?
Hi @Mev, and welcome to the LE community forum.
Please show the directory listing the two files.
[I'm pretty sure they aren't equal and their sizes should make this apparent]
ls -l /etc/letsencrypt/mydomain.co.uk/
ls -l /etc/letsencrypt/archive/mydomain.co.uk/ here—the certificate storage directory won't be directly, immediately under
Hello, and thanks for your replies.
So, the ls command returns different file sizes:
lrwx--x--x+ 1 root wheel 40 10 May 11:04 chain.pem -> ../../archive/mydomain.co.uk/chain1.pem
lrwx--x--x+ 1 root wheel 44 10 May 11:04 fullchain.pem -> ../../archive/mydomain.co.uk/fullchain1.pem
However, if I cat chain.pem and cat fullchain.pem and paste both in a text editor, they are exactly the same.
To confirm this, I ran:
git diff /private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem /private/etc/letsencrypt/live/mydomain.co.uk/chain.pem
and this is the result:
`diff --git a/private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem b/private/etc/letsencrypt/live/mydomain.co.uk/chain.pem
index 41a561a..f64a40f 120000
@@ -1 +1 @@
\ No newline at end of file
\ No newline at end of file`
Their content is the same.
I solved my issue by using the help of this website: https://whatsmychaincert.com/
and by pasting the certificate I was able to generate a chain (from which I just had to remove the leaf certificate part at the beginning and leave only the intermediate part at the end).
No errors from Amazon after doing this, and the certificate is running on my domain correctly.
I just don't understand why I wasn't able to use the certificates created by certbot. I guess the chain.pem includes some extras (and it looks the same as the fullchain.pem).
Welcome to the Let's Encrypt Community
I might have an idea of what's happening.
What is the output of this command?
sudo certbot --version
Hello, thank you for your help.
I have: certbot 1.14.0
I am using a MacBook Pro with Apple M1 chipset on macOS Big Sur 11.2.3.
Looking forward to understanding what's happening.
What are the current outputs of these commands?
sudo ls -lRa /etc/letsencrypt/archive/mydomain.co.uk
sudo ls -lRa /etc/letsencrypt/live/mydomain.co.uk
Hello, sorry I did not receive your notification.
The first command's output is:
drwxr-xr-x 6 root wheel 192 10 May 11:22 .
drwx------ 3 root wheel 96 10 May 11:04 ..
-rw-r--r-- 1 root wheel 1874 10 May 11:04 cert1.pem
-rw-r--r-- 1 root wheel 3749 10 May 11:04 chain1.pem
-rw-r--r-- 1 root wheel 5623 10 May 11:04 fullchain1.pem
-rw------- 1 root wheel 1704 10 May 11:04 privkey1.pem
The second command's output is:
drwx------+ 7 root wheel 224 10 May 11:04 .
drwx------+ 5 root wheel 160 10 May 11:26 ..
-rw-------@ 1 root wheel 692 10 May 11:04 README
lrwx--x--x+ 1 root wheel 39 10 May 11:04 cert.pem -> ../../archive/mydomain.co.uk/cert1.pem
lrwx--x--x+ 1 root wheel 40 10 May 11:04 chain.pem -> ../../archive/mydomain.co.uk/chain1.pem
lrwx--x--x+ 1 root wheel 44 10 May 11:04 fullchain.pem -> ../../archive/mydomain.co.uk/fullchain1.pem
lrwx--x--x+ 1 root wheel 42 10 May 11:04 privkey.pem -> ../../archive/mydomain.co.uk/privkey1.pem
Thank you very much for your help!
As you can clearly see from the file sizes, those two files cannot be the same.
I noticed you're using the /private/ directory earlier, I assume you used that directory this time too? Or are there two
OK, then also, what about:
ls -l /private/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
ls -l /private/etc/letsencrypt/live/mydomain.co.uk/chain.pem
git diff analyzes the two files you listed for their uncommitted changes.
diff would analyze the two files you listed for differences between each other.
diff -git is an artifact on the command line from when you invoke git diff. Under the hood it does some magic that is not worth getting into.
chain.pem, so that may have been confusing to you as well. As @Osiris pointed out, the file sizes are not identical and therefore their contents cannot be the same.
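A content-level check for the comparison discussed in this thread, added here as an example and not posted by any participant: it counts the certificates in each file and confirms that fullchain.pem is cert.pem followed by chain.pem, which matches the sizes in the archive listing (1874 + 3749 = 5623 bytes). The example.test lineage, the placeholder PEM bodies and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare chain.pem and fullchain.pem by content.
# cat, cmp and grep follow the live/ symlinks; readlink shows only the link target.

# Number of PEM certificate blocks in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Succeeds only if fullchain is byte-for-byte cert followed by chain.
fullchain_is_cert_plus_chain() {   # args: cert chain fullchain
    cat "$1" "$2" | cmp -s - "$3"
}

# Print one constructed PEM block; the body is a placeholder, not a real certificate.
pem_block() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$1" '-----END CERTIFICATE-----'
}

# Build a constructed lineage laid out like certbot's archive/ and live/ directories.
make_sample_lineage() {   # arg: base directory
    a="$1/archive/example.test"; l="$1/live/example.test"
    mkdir -p "$a" "$l"
    pem_block LEAF > "$a/cert1.pem"
    { pem_block INTERMEDIATE; pem_block CROSSSIGNED; } > "$a/chain1.pem"
    cat "$a/cert1.pem" "$a/chain1.pem" > "$a/fullchain1.pem"
    for f in cert chain fullchain; do
        ln -s "../../archive/example.test/${f}1.pem" "$l/$f.pem"
    done
}

# Summarise a live/ directory: link target, byte size and certificate count per file.
report() {   # arg: live directory
    for f in cert chain fullchain; do
        p="$1/$f.pem"
        echo "$f.pem -> $(readlink "$p"): $(wc -c < "$p" | tr -d ' ') bytes, $(count_certs "$p") cert(s)"
    done
    if cmp -s "$1/chain.pem" "$1/fullchain.pem"; then
        echo "chain.pem and fullchain.pem have identical content"
    else
        echo "chain.pem and fullchain.pem differ in content"
    fi
}

demo_dir=$(mktemp -d)
make_sample_lineage "$demo_dir"
report "$demo_dir/live/example.test"
rm -rf "$demo_dir"
```

To run it against a real lineage, call `report` with the live directory path under sudo, since the live/ directory is readable only by root.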