11

I'm trying to figure out how to use the Porkbun Let's Encrypt Files with Nginx.
They have generated a zip file with the following files for me to use
domain.cert.pem, intermediate.cert.pem, private.key.pem, public.key.pem

From this site https://wbxpress.net/install-porkbun-ssl-nginx-wordpress/
I've worked out that ssl_certificate is domain.cert.pem
ssl_certificate_key is private.cert.pem

But for my needs I have to specify the ssl_trusted_certificate as well.
Can anybody point me in the right direction ?

fujinman
  • 115
  • 1
  • 8

1 Answers1

7

If you used the certbot you will get these files: README cert.pem chain.pem fullchain.pem privkey.pem

  • ssl_certificate should point to fullchain.pem
  • ssl_certificate_key should point to privkey.pem
  • ssl_trusted_certificate should point to chain.pem

From what I see, the PorkBun generated files are just renamed and mapped like this:

  • fullchain.pem -> domain.cert.pem
  • privkey.pem -> private.key.pem
  • chain.pem -> intermediate.cert.pem
  • cert.pem -> public.key.pem

So you would do this for the files given by PorkBun:

  • ssl_certificate should point to domain.cert.pem
  • ssl_certificate_key should point to private.key.pem
  • ssl_trusted_certificate should point to intermediate.cert.pem

Basically fullchain.pem is just made up of cert.pem + chain.pem concatenated together. See here for more information: Generate CRT & KEY ssl files from Let's Encrypt from scratch

Personally, I would not use their generated ones because you would have to manually replace it every 90 days. Best if you use another option like certbot which lets you automatically renew it or do it 'manually' via some cronjob. Good luck!

CyberMew
  • 1,159
  • 1
  • 16
  • 33