yeah i was worried the fullchain.pem wasn’t ideal for ssl_trusted_certificate as usually i have intermediates in there and root is optional
but i also used fullchain.pem for ssl_trusted_certificate with letsencrypt at Letsencrypt Webroot Authentication Tested on Beta invited/whitelisted domain and have no such errors in my logs
using Nginx 1.9.6