LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   CERTBOT: fullchain.pem vs privkey.pem (https://www.linuxquestions.org/questions/linux-security-4/certbot-fullchain-pem-vs-privkey-pem-4175727533/)

banderas20 07-30-2023 05:06 PM
CERTBOT: fullchain.pem vs privkey.pem
 
Hi!

I have used CERTBOT and successfully get the SSL certificates.

However, I don't understand the purpose and difference between these 2 files:

/etc/letsencrypt/live/domain.com/fullchain.pem
/etc/letsencrypt/live/domain.com/privkey.pem

What does each one do?

Thanks!

boughtonp 07-31-2023 10:00 AM

 
This is explained in the CertBot documentation.

https://eff-certbot.readthedocs.io/en/stable/using.html#where-are-my-certificates

banderas20 08-01-2023 02:10 PM
Quote:
Originally Posted by boughtonp (Post 6445428)
Hi!


Thanks for the reply. I have added the corresponding files to the directives:


Code:
SSLEngine on

SSLCertificateChainFile  /etc/letsencrypt/live/domain.com/fullchain.pem

SSLCertificateKeyFile    /etc/letsencrypt/live/domain.com/privkey.pem

SSLCertificateFile      /etc/letsencrypt/live/domain.com/cert.pem

However, if I access https://myhomeIP, I still get a security warning from the browser, even if it says "Verified by Let's Encryp".


I I go to the Apache2 logs, it says:


Code:
Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this

¿Where is my error and how can I make the website fully trusted?


Thanks!

banderas20 08-02-2023 05:13 PM
Found the error. The certificate was issued to a domain. Hence the access by IP gave that warning.


Thanks!


All times are GMT -5. The time now is 05:08 PM.