SSL “unable to get local issuer certificate” : “full chain” vs “root”

Tags: certificate-authority, curl, lets-encrypt, ssl, ssl-certificate

Summary

In summary, I have some certificate-related files and some certificate-related instructions, but I'm not sure which files are which!

Background

I've just installed a certificate from Let's Encrypt by using acme.sh.

The output from that process looks like this:

[Sat Aug 18 02:50:24 UTC 2018] Your cert is in  /home/ubuntu/.acme.sh/www.foobar.xyz/www.foobar.xyz.cer
[Sat Aug 18 02:50:24 UTC 2018] Your cert key is in  /home/ubuntu/.acme.sh/www.foobar.xyz/www.foobar.xyz.key
[Sat Aug 18 02:50:24 UTC 2018] The intermediate CA cert is in  /home/ubuntu/.acme.sh/www.foobar.xyz/ca.cer
[Sat Aug 18 02:50:24 UTC 2018] And the full chain certs is there:  /home/ubuntu/.acme.sh/www.foobar.xyz/fullchain.cer

So after configuring Nginx, this all works when requests are made to https://www.foobar.xyz through a conventional browser.

Problem

But when I make the same request via Curl I get:

curl: (60) SSL certificate problem: unable to get local issuer certificate

So it seems there are two ways to fix this.

  • tell Curl to ignore the issue, or provide Curl with a client-side list of certificate authorities
  • alter the certificate on the server

Question

I want the second option, the change on the server, and this page gives instructions on how to do it specifically …

2) If you received the intermediate certificates in one bundle file or
downloaded the certificate files in your account with us, you can use
this command:

cat example_com.crt bundle.crt >> ssl-bundle.crt

Place the concatenated file into the directory with SSL certificates
on your Nginx server.

The problem I have is that I'm not sure which of the files produced by running acme.sh correspond to the example_com.crt and the bundle.crt?

I think bundle.crt corresponds to www.foobar.xyz.cer?

But I'm not sure what example_com.crt corresponds to?

Best Answer

The bundle is fullchain.cer. It contains ca.cer and www.foobar.xyz.cer.
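
The following is an added example, not part of the original question or answer. It reproduces the curl error offline with a throwaway chain and shows why serving the leaf plus the intermediate (the layout of fullchain.cer) fixes it. The demo root CA, `root.cer`, `demo.cnf` and the function names are assumptions; the other file names mirror the acme.sh output above.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway root -> intermediate -> leaf chain, not real Let's Encrypt material.
# root.cer is an assumed stand-in for the CA list in the client's trust store.

build_demo_chain() {   # $1 = empty working directory
  local d=$1 leaf="$1/www.foobar.xyz.cer"
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
  # Root CA (self-signed): the only certificate the client trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -config "$d/demo.cnf" -extensions ca -keyout "$d/root.key" -out "$d/root.cer" 2>/dev/null &&
  # Intermediate CA, signed by the root: plays the role of ca.cer.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -config "$d/demo.cnf" -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/ca.csr" -CA "$d/root.cer" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/demo.cnf" -extensions ca -out "$d/ca.cer" 2>/dev/null &&
  # Leaf, signed by the intermediate: plays the role of www.foobar.xyz.cer.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.foobar.xyz" \
    -config "$d/demo.cnf" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" -CAcreateserial \
    -days 2 -out "$leaf" 2>/dev/null &&
  # Leaf first, then the intermediate: the layout of fullchain.cer.
  cat "$leaf" "$d/ca.cer" > "$d/fullchain.cer"
}

# What a client such as curl faces when the server sends only the leaf certificate:
# it knows the root, but nothing links the leaf to it.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.cer" "$1/www.foobar.xyz.cer" 2>&1
}

# Same trust store, but the server sends fullchain.cer: the first certificate in the
# file is verified and the remaining ones are offered as untrusted intermediates.
verify_fullchain() {
  openssl verify -CAfile "$1/root.cer" -untrusted "$1/fullchain.cer" "$1/fullchain.cer" 2>&1
}

demo=$(mktemp -d)
if build_demo_chain "$demo"; then
  echo "--- leaf only ---";  verify_leaf_only "$demo" || true
  echo "--- full chain ---"; verify_fullchain "$demo" || true
else
  echo "openssl could not build the demo chain" >&2
fi
rm -rf "$demo"
```

On the real server, the equivalent change is pointing nginx's `ssl_certificate` directive at fullchain.cer instead of www.foobar.xyz.cer.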