privkey.pem contains only the private key, this is expected
cert.pem contains ONLY the server certificate
chain.pem contains ONLY the ROOT certificate
fullchain.pem contains ONLY SERVER and ROOT.
When the certificates arrive and the service goes live in sept what will these files contain?
Will cert.pem still contain ONLY the server cert? Or will it also bundle the INTERMEDIATES?
Or will it be chain.pem that contains the INTERMEDIATES?
Considerations:
node.js and golang MUST have a server.pem that contains the SERVER + INTERMEDIATES. They won't complain if the root is there, it's just superfluous.
haproxy MUST NOT have the root in the chain or it throws an error
It's very easy to play with cat to get the right combination, but it would be best if the files sort out such that we can write docs for every type of webserver and simply say "for webserver x use foo for key and bar for chain" or "for webserver y use just baz".
Preferred:
cert.pem - cert
chain.pem - intermediates
server.pem - cert + intermediates
root.pem - root
fullchain.pem cert + intermediates + root
--
You received this message because you are subscribed to the Google Groups "Let's Encrypt Client Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to client-dev+...@letsencrypt.org.
To post to this group, send email to clien...@letsencrypt.org.
To view this discussion on the web visit https://groups.google.com/a/letsencrypt.org/d/msgid/client-dev/7798833d-52fc-4fcd-8d8e-422b079ff9e5%40letsencrypt.org.
This directory contains your keys and certificates.
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below).
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
bitnami@3Mandates:/etc/letsencrypt/live/www.findlife.today$ This directory contains your keys and certificates.
`cert.pem` : will break many server configurations, and should not be used without reading further documentation (see link below).