My domain is: media.itgs.be
My operating system is (include version): Windows 10
My web server is (include version): Nginx 1.11.10
I’ve successfully generated the certificates for my domain using “letsencrypt-win-simple” cli.
I’ve included the following in my Ngnix config file server block:
listen 443 ssl; server_name media.itgs.be; ssl_certificate "media.itgs.be-crt.pem"; ssl_certificate_key "media.itgs.be-key.pem";
Now my requests to the server run just fine on my desktop, but on my Android device the site is marked insecure.
SSL labs tells me the certificate chain is incomplete, and going on other similar topics I’ve found (see below), the problem seems to be a missing intermediate certificate.
The solution suggested in those topics is to use the so-called “full chain”, however I did not receive any file with such a name.
The files I received are:
ca-0A0141420000015385736A0B85ECA708-crt.der ca-0A0141420000015385736A0B85ECA708-crt.pem media.itgs.be-all.pfx media.itgs.be-crt.der media.itgs.be-crt.pem media.itgs.be-csr.pem media.itgs.be-gen-csr.json media.itgs.be-gen-key.json media.itgs.be-key.pem Registration Signer
Only one of those remotely sounds like something “full” as in fullchain, being the -all.pfx file.
Under the assumption that that’s the one I’m looking for, I tried to convert it to .pem format using openssl, however it requires a password which I don’t know where to get.
So given this information, 2 questions:
- where is my “fullchain” file?
- how do I get it successfully configured in nginx (need pem format)?
Thanks for your feedback!