Got 4 files, where to specify them?

I used acme.sh to request ssl certificate from letsencrypt and got 4 files.

Your cert is in …com.cer
Your cert key is in …com.key
The intermediate CA cert is in …com/ca.cer
And the full chain certs is there: …com/fullchain.cer

I see an online instruction for apache installation says the following,
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt

your_domain_name.crt and your_private.key are clear but which one should I use in place of the last one DigiCertCA.crt? Is it ca.cer or fullchain.cer?
Then what about the one left after that? Where do I use it?
Thank you.

  • SSLCertificateKeyFile is your .key file
  • SSLCertificateFile is fullchain.cer
  • Don’t use SSLCertificateChainFile, it’s replaced by SSLCertificateFile since Apache 2.4.8
  • No other certificates or chains need to be configured.
2 Likes

So I only need to use two of the four files I received? Namely, …com.key and …com/fullchain.cer (the second and fourth in the acme.sh message)?

Yes, the multiple files are provided for compatibility with different server software that expects different combinations of objects in a single file. (Believe it or not, there are several other variations that other server software wants, and that people have complained that tools like Certbot and acme.sh still don’t provide for them!)

@_az’s advice should be complete for your situation. :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.