Use fullchain.cer on graphite for nginx

Nginx doesn't seem to support explcit intermedate cert chains [0] and we
need to supply all of the certs together in a single file. Thankfully
acme.sh does this and calls it the fullchain.cer file. Use that in the
nginx config for graphite to fix issues with ssl verification to this
service.

[0] http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Change-Id: I318fb92a30c1593c2a2e4cb37496b16f17472f1d
This commit is contained in:
Clark Boylan 2021-09-29 15:18:10 -07:00
parent bb0f135b5b
commit c9d6b4d248

View File

@ -11,7 +11,7 @@ server {
listen [::]:443 ssl;
server_name {{ inventory_hostname }};
ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer;
ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer;
ssl_certificate_key /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key;
root /opt/graphite/static;
index index.html;