The following works as advertised in my vhost server block:
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/chain.pem;
To better automate vhosts en masse, I tried using the $server_name variable:
server_name mydomain.com;
ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem;
Nginx failed, but this works:
server_name mydomain.com;
ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/chain.pem;
If ssl_certificate and ssl_certificate_key accept the $server_name variable, then how come ssl_trusted_certificate doesn't?
Here's the error on Ubuntu 18.04.2 running Nginx 1.17.0, source compiled with OpenSSL 1.1.1c:
Jun 03 05:34:22 cloud systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Jun 03 05:34:22 cloud nginx[12646]: nginx: [emerg] SSL_CTX_load_verify_locations("/etc/letsencrypt/live/$server_name/chain.pem") failed (SSL: error:02001002:system library:
Jun 03 05:34:22 cloud nginx[12646]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 03 05:34:22 cloud systemd[1]: nginx.service: Control process exited, code=exited status=1
Jun 03 05:34:22 cloud systemd[1]: nginx.service: Failed with result 'exit-code'.
Jun 03 05:34:22 cloud systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
ssl_certificate and ssl_certificate_key parse the variable $server_name, and the correct paths to the domain's SSL certs are validated.
Seems odd to me. Thanks for any explanation
~Gary
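
The [emerg] line above shows the ssl_trusted_certificate path reaching SSL_CTX_load_verify_locations with $server_name still unexpanded. The following is an added example, not part of the original post and not nginx project code: a pre-flight check for generated vhost files that flags variables in that directive and substitutes the block's first server_name (the value $server_name holds) so the path is a literal. The second server block in the sample, the names block_ids and check, and the one-line "server {" layout are assumptions made for the example.

```python
import re

# Constructed sample: the failing block from the post plus a second, made-up vhost.
SAMPLE = """\
server {
    server_name mydomain.com;
    ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem;
}
server {
    ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem;
    server_name example.org www.example.org;
}
"""
# Directive the post shows reaching OpenSSL with the variable unexpanded.
LITERAL_ONLY = {"ssl_trusted_certificate"}
DIRECTIVE = re.compile(r"^\s*(\w+)\s+([^;{}#]+);")

def block_ids(lines):
    """Yield a server-block number per line, or None outside server blocks."""
    depth, start, block = 0, None, 0
    for line in lines:
        code = line.split("#", 1)[0]          # ignore trailing comments
        if start is None and re.match(r"\s*server\s*\{", code):
            start, block = depth, block + 1   # entering a new server block
        yield block if start is not None else None
        depth += code.count("{") - code.count("}")
        if start is not None and depth <= start:
            start = None                      # server block closed

def check(conf):
    """Return (findings, rewritten_conf); findings are (line, directive, value)."""
    lines = conf.splitlines()
    ids = list(block_ids(lines))
    names = {}  # block number -> first server_name in that block
    for bid, line in zip(ids, lines):
        m = DIRECTIVE.match(line)
        if m and bid is not None and m.group(1) == "server_name":
            names.setdefault(bid, m.group(2).split()[0])
    findings, fixed = [], []
    for no, (bid, line) in enumerate(zip(ids, lines), 1):
        m = DIRECTIVE.match(line)
        if m and m.group(1) in LITERAL_ONLY and "$" in m.group(2):
            findings.append((no, m.group(1), m.group(2).strip()))
            if bid in names:  # expand statically so the path is a literal
                line = re.sub(r"\$server_name\b", lambda _: names[bid], line)
        fixed.append(line)
    return findings, "\n".join(fixed) + "\n"
```

Calling check() on a generated vhost file before nginx -t reports each offending line and returns the rewritten text; ssl_certificate and ssl_certificate_key lines are left as written.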