Use fullchain.cer on graphite for nginx

Nginx doesn't seem to support explcit intermedate cert chains [0] and we need to supply all of the certs together in a single file. Thankfully acme.sh does this and calls it the fullchain.cer file. Use that in the nginx config for graphite to fix issues with ssl verification to this service. [0] http://nginx.org/en/docs/http/configuring_https_servers.html#chains Change-Id: I318fb92a30c1593c2a2e4cb37496b16f17472f1d
8 months ago · c9d6b4d248
1 changed files with 1 additions and 1 deletions
--- a/playbooks/roles/graphite/templates/graphite-statsd.conf.j2
+++ b/playbooks/roles/graphite/templates/graphite-statsd.conf.j2
@ -11,7 +11,7 @@ server {
  listen [::]:443 ssl;
  server_name {{ inventory_hostname }};

-  ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer;
+  ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key;
  root /opt/graphite/static;
  index index.html;