For future references (if OCSP is still a thing)
ssl_trusted_certificate is the CA certificate plus the intermediate certificate, not your fullchain.pem file (which is the leaf certificate + intermediate certificate)
In most Nginx releases, Nginx should be able to detect the root certificate for your intermediate (if the root certificate is in your CA trust store), which just means: you don’t need to specify this.
For dual stack certificates, especially certificates with different root CAs, don’t specify this value. Dual stack was supported in a later release and currently there’s no way (and no need) to specify two root certificate in the same file, if you have an up to date CA store.
1 Like