prod docs: Call out more the need for a chained cert bundle.

This is kind of easy to gloss over, especially with the framing as a "format"; surely if things work at all, the file format must have been right, right? It's really a bit more substantive than that; say so and also add a bit more description.
2025-11-01 12:33:40 +00:00 · 2018-04-16 11:29:19 -07:00
parent fdfbd45208
commit 21045d8cf0
1 changed files with 7 additions and 3 deletions
--- a/docs/production/ssl-certificates.md
+++ b/docs/production/ssl-certificates.md
@@ -13,10 +13,14 @@ If you already have an SSL certificate, just install (or symlink) its
 files into place at the following paths:
 * `/etc/ssl/private/zulip.key` for the private key
 * `/etc/ssl/certs/zulip.combined-chain.crt` for the certificate.
-  Because Zulip uses nginx as its web server, this should be in the
-  format of a [chained certificate bundle][nginx-https].

-[nginx-https]: http://nginx.org/en/docs/http/configuring_https_servers.html
+Your certificate file should contain not only your own certificate but
+its full chain, including any intermediate certificates used by your
+CA.  See the [nginx documentation][nginx-chains] for details on what
+this means and how to do it and test it.  If you're missing part of
+the chain, your server may work with some browsers but not others.
+
+[nginx-chains]: http://nginx.org/en/docs/http/configuring_https_servers.html#chains

 ## Certbot (recommended)