Solved CERTBOT: fullchain.pem vs privkey.pem

Solved issue

banderas20

Active Member
Joined
Aug 1, 2018
Messages
101
Reaction score
42
Credits
793
Hi!

I have used CERTBOT and successfully get the SSL certificates.

However, I don't understand the purpose and difference between these 2 files:

/etc/letsencrypt/live/domain.com/fullchain.pem
/etc/letsencrypt/live/domain.com/privkey.pem

What does each one do?

Thanks!
 


One is your local server privateKey.pem
The other is your pemKey to talk to the upstream Authenication/Validation servers that are "sponsoring" ( verifying ) your cert.
 
Hi,

as dos2unix said:
/etc/letsencrypt/live/domain.com/privkey.pem
is your private key NEVER!!! share this file to the internet.

/etc/letsencrypt/live/domain.com/fullchain.pem
is your public information this must be shared to the internet.

With apache as example you use both files but apache does not provide
/etc/letsencrypt/live/domain.com/privkey.pem

to the internet it uses this key only for decryption.
 
Hi!

Thanks for the reply. I have added the corresponding files to the directives:

Code:
SSLEngine on
SSLCertificateChainFile  /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile    /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateFile       /etc/letsencrypt/live/domain.com/cert.pem

However, if I access https://myhomeIP, I still get a security warning from the browser, even if it says "Verified by Let's Encryp".

I I go to the Apache2 logs, it says:

Code:
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this

¿Where is my error and how can I make the website fully trusted?

Thanks!
 
Found the error. The certificate was issued to a domain. Hence the access by IP gave that warning.

Thanks!
 


Latest posts

Top