Previously we presented the server cert, then the intermediate, then the
CA. This caused some browsers to break.
To resolve the issue, we ran:
wget http://www.startssl.com/certs/ca.pem -O startcom.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
cat app.humbughq.com.crt sub.class1.server.ca.pem startcom.pem > app.humbughq.com.combined-chain.crt
(repeating the last step for each .humbughq.com.crt)
Note: The resultant .combined-chain. files contain different
certificates than they did previously.
(imported from commit 6544938ef2955d52c5e8d95f53c280322526a790)
This is the format Nginx wants. It contains the following files concatenated
together in order:
app.humbughq.com.crt
startcom.pem
sub.class1.server.ca.pem
(imported from commit 6ed5679501f48729b4b4df19169042d5c0c37b5d)
Luke Faraone
Keegan McAllister