On 2021-04-10 12:09 p.m., Brady Shea wrote:
I finally 'fixed' it myself by using the LE 'fullchain.pem' certificate as the location for the 'ssl_cert' entry (and chain.pem for the ca entry). Previously, it was using the normal cert.pem file location. This is still the way it's setup on the other older machine and still works fine. Changes-
|ssl_ca = </etc/letsencrypt/live/{CertName}/chain.pem (or 'fullchain.pem' should work) *ssl_cert = </etc/letsencrypt/live/{CertName}/fullchain.pem* (was 'cert.pem' previously) ssl_key = </etc/letsencrypt/live/{CertName}/privkey.pem|
/etc/letsencrypt/live/README:
[cert name]/privkey.pem
: the private key for your certificate.
[cert name]/fullchain.pem
: the certificate file used in most server
software.
[cert name]/chain.pem
: used for OCSP stapling in Nginx >=1.3.7.
[cert name]/cert.pem
: will break many server configurations, and
should not be used
without reading further documentation