Multi certificate support returns Letsencrypt Intermediate Certificate twice

Maxim Dounin mdounin at
Tue May 31 13:18:16 UTC 2016


On Tue, May 31, 2016 at 07:12:20AM -0400, mastercan wrote:

> Hello folks,
> I have the following setup:
> Nginx 1.11.0
> Libressl 2.3.4
> 1 Letsencrypt RSA 2048 certificate
> 1 Letsencrypt ECDSA p256 certificate
> The certificate files are both chained. Both have the Letsencrypt RSA 2048
> X3 intermediate certificate at the end of the file.
> The problem is:
> Nginx returns this intermediate certificate twice when connecting via https.
> Regardless whether you connect via RSA client or ECDSA client.
> Is this a bug? Or a configuration issue?

Only OpenSSL 1.0.2 and higher support separate chains for 
different certificates.  With older versions (including LibreSSL) 
there is only one chain for all certificates, and all chained 
certificates will be added to it.  That is, if chains are the same 
you have to leave only one of them.

Maxim Dounin

More information about the nginx mailing list