Merge pull request #60081 from Streetwalrus/nginx_stapling

nginx: use fullchain.pem for ssl_trusted_certificate
This commit is contained in:
Silvan Mosberger 2019-05-03 06:28:38 +02:00 committed by GitHub
commit be1ada3140
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,11 +16,11 @@ let
} // (optionalAttrs vhostConfig.enableACME {
sslCertificate = "${acmeDirectory}/${serverName}/fullchain.pem";
sslCertificateKey = "${acmeDirectory}/${serverName}/key.pem";
sslTrustedCertificate = "${acmeDirectory}/${serverName}/full.pem";
sslTrustedCertificate = "${acmeDirectory}/${serverName}/fullchain.pem";
}) // (optionalAttrs (vhostConfig.useACMEHost != null) {
sslCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem";
sslCertificateKey = "${acmeDirectory}/${vhostConfig.useACMEHost}/key.pem";
sslTrustedCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/full.pem";
sslTrustedCertificate = "${acmeDirectory}/${vhostConfig.useACMEHost}/fullchain.pem";
})
) cfg.virtualHosts;
enableIPv6 = config.networking.enableIPv6;