limbo.teamandtech.com (secondary url) is working as intended, but api.qa.odd.teamandtech.com is giving an error: NET::ERR_CERT_AUTHORITY_INVALID saying connection is not private. Both are intended to be ssl’d and working with https.
My web server is (include version):
nginx / kong
The operating system my web server runs on is (include version):
Ubuntu Xenial
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0
Kong shouldn’t need anything additional; our other QA server is running the same stack and running without issues. Not sure what’s up with this one because there should be no difference between them. I will try this command, one sec.
Yeah the command above doesn’t work because we’re not using the nginx plugin. All of the other certs for our other servers have been generated with standalone. Kong is basically an API gateway / middleware service that sits on top of Nginx. We, or at least I, don’t really touch Nginx itself much anymore.
Aside from the issue of using fullchain.pem instead, this is going to permanently link your server's cert to a specific issuance, which is going to expire in under 90 days. If you want to do it this way, you should link to the file in /etc/letsencrypt/live/. But you'd be better off using the --fullchain-path and --key-path options to tell certbot to put the fullchain and private key in the desired locations.