The official certbot client generates "fullchain.pem" which seems to be the complete chain of trust all the way down to the newly issued certificate.
Would it be possible to get lego to create this file? Most letsencrypt tutorials (especially for nginx) reference the fullchain.pem file.
lego only has support for generating a bundle with the intermediate and leaf certificates, other certificates in the path are not included.
At least for me, the letsencrypt client's fullchain.pem contains precisely 2 certificates:
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Subject: CN=mycn
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
lego's .crt file contains the same certificates.
I inspected the files using openssl crl2pkcs7 -nocrl -certfile ~/.lego/certificates/mycn.crt | openssl pkcs7 -print_certs -text -noout
@stapelberg, @xenolf does this mean lego-generated .crt and fullchain.pem are equivalent?
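Added example, not part of the thread and not lego or certbot code: one way to check whether two PEM bundles carry the same certificates is to hash each certificate's DER bytes and compare the lists, which ignores line wrapping and any text between the PEM blocks. The sample bundles are constructed placeholder bytes rather than real certificates, and the function names are hypothetical.

```python
import base64
import hashlib
import re
import textwrap

# Matches each certificate block; any text between blocks is ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

def cert_fingerprints(pem_text):
    """Return the SHA-256 of each certificate's DER bytes, in file order."""
    prints = []
    for body in PEM_CERT.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # drop line breaks
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def compare_bundles(a_text, b_text):
    """Classify two bundles by the certificates they contain."""
    a, b = cert_fingerprints(a_text), cert_fingerprints(b_text)
    if a == b:
        return "identical"
    if sorted(a) == sorted(b):
        return "same certificates, different order"
    return "different"

def _pem(der, width=64):
    """Wrap raw bytes as a PEM block (used only to build the samples)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(textwrap.wrap(b64, width))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"

# Constructed sample data: placeholder bytes standing in for DER certificates.
LEAF_DER = b"constructed leaf bytes " * 5
INTERMEDIATE_DER = b"constructed intermediate bytes " * 5

# Same two certificates, leaf first, but wrapped and annotated differently.
BUNDLE_A = _pem(LEAF_DER) + _pem(INTERMEDIATE_DER)
BUNDLE_B = ("Subject: CN=mycn\n" + _pem(LEAF_DER, 76)
            + "\nSubject: constructed intermediate\n" + _pem(INTERMEDIATE_DER, 76))

if __name__ == "__main__":
    print(compare_bundles(BUNDLE_A, BUNDLE_B))
```

To run it on real files, pass the text of each file to `compare_bundles`.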