§2024-05-06
When Let's Encrypt is used to create SSL keys, for example for munetaka.me, the files are created in /etc/letsencrypt/live/munetaka.me/:
[root@pi2NginxMuNeTaka ~]# ls -l /etc/letsencrypt/live/munetaka.me/
total 4
lrwxrwxrwx 1 root root 35 Apr 21 12:38 cert.pem -> ../../archive/munetaka.me/cert7.pem
lrwxrwxrwx 1 root root 36 Apr 21 12:38 chain.pem -> ../../archive/munetaka.me/chain7.pem
lrwxrwxrwx 1 root root 40 Apr 21 12:38 fullchain.pem -> ../../archive/munetaka.me/fullchain7.pem
lrwxrwxrwx 1 root root 38 Apr 21 12:38 privkey.pem -> ../../archive/munetaka.me/privkey7.pem
-rw-r--r-- 1 root root 692 Dec 21 2022 README
[root@pi2NginxMuNeTaka ~]# cat /etc/letsencrypt/live/munetaka.me/README
This directory contains your keys and certificates.
`privkey.pem` : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem` : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem` : will break many server configurations, and should not be used
without reading further documentation (see link below).
WARNING: DO NOT MOVE OR RENAME THESE FILES!
Certbot expects these files to remain in this location in order
to function properly!
We recommend not moving these files. For more information, see the Certbot
User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.
¶By GPT
- cert.pem: This file contains the domain certificate issued by Let's Encrypt for munetaka.me. It includes the public key for the domain along with information about the domain itself (such as its expiration date, issuer, etc.).
- chain.pem: This file contains the intermediate certificates that link your domain's certificate (cert.pem) to the root certificate authority (CA) certificate. Essentially, it forms the chain of trust from your domain's certificate to a trusted root CA certificate.
- fullchain.pem: This file is a combination of cert.pem and chain.pem. It contains your domain's certificate as well as the intermediate certificates, effectively forming the full chain of trust needed for browsers and other clients to verify the authenticity of your domain's certificate.
- privkey.pem: This file contains the private key corresponding to the public key in cert.pem. It's crucial for securely encrypting and decrypting communication between clients and your server. This private key should be kept secret and securely stored on your server.
- README: This file likely contains some basic instructions or information about the files in the directory, such as what each file contains and how they are used. It's good practice to read this file for any additional guidance provided by Let's Encrypt.
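
One way to check the layout described above, as an added example (not Certbot's code and not part of the original notes): it audits a live/<domain>/ directory with only the Python standard library, confirming that the four files are symlinks, that fullchain.pem is exactly cert.pem followed by chain.pem, and that the private key is not accessible beyond its owner. The names `audit_live_dir` and `build_sample` and the `example.test` tree are hypothetical, and the sample payloads are constructed bytes, not real certificates; the check does not parse X.509 or confirm that the key matches the certificate.

```python
import base64, os, re, stat

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
NAMES = ("cert", "chain", "fullchain", "privkey")

def pem_blocks(path):
    """Return [(label, der_bytes), ...] for every PEM block in a file."""
    with open(path, encoding="ascii") as fh:
        return [(label, base64.b64decode("".join(body.split())))
                for label, body in PEM_RE.findall(fh.read())]

def audit_live_dir(live):
    """Check a Certbot live/<domain>/ directory; return a list of findings."""
    path = {n: os.path.join(live, n + ".pem") for n in NAMES}
    out = [f"{n}.pem: not a symlink" for n in NAMES if not os.path.islink(path[n])]
    cert, chain, full, key = (pem_blocks(path[n]) for n in NAMES)
    if [label for label, _ in cert] != ["CERTIFICATE"]:
        out.append("cert.pem: expected exactly one CERTIFICATE block")
    if full != cert + chain:  # compares decoded DER, so line wrapping is ignored
        out.append("fullchain.pem: is not cert.pem followed by chain.pem")
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        out.append("privkey.pem: expected exactly one PRIVATE KEY block")
    mode = stat.S_IMODE(os.stat(path["privkey"]).st_mode)  # follows the symlink
    if mode & 0o077:
        out.append(f"privkey.pem: mode {mode:o} is accessible beyond the owner")
    return out

def pem(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def build_sample(root, key_mode=0o600, wrong_order=False):
    """Constructed stand-in for /etc/letsencrypt; payloads are fake bytes."""
    arch, live = (os.path.join(root, d, "example.test") for d in ("archive", "live"))
    os.makedirs(arch)
    os.makedirs(live)
    leaf, inter = pem("CERTIFICATE", b"leaf"), pem("CERTIFICATE", b"intermediate")
    body = {"cert": leaf, "chain": inter, "privkey": pem("PRIVATE KEY", b"key"),
            "fullchain": inter + leaf if wrong_order else leaf + inter}
    for n in NAMES:
        target = os.path.join(arch, n + "7.pem")  # "7" mirrors the listing above
        with open(target, "w") as fh:
            fh.write(body[n])
        os.chmod(target, key_mode if n == "privkey" else 0o644)
        os.symlink(f"../../archive/example.test/{n}7.pem",
                   os.path.join(live, n + ".pem"))
    return live
```

On a real host, run as root and call `audit_live_dir("/etc/letsencrypt/live/munetaka.me")`; an empty list means no findings.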