Nginx doesn't send certificate chain

Solution 1:

You have the following certificates in your list (in that order):

 #L Subject: ... CN=tiendaganadera.com
    Issuer:  ... CN=COMODO RSA Domain Validation Secure Server CA

 #A Subject: ... CN=COMODO RSA Certification Authority
    Issuer:  ... CN=AddTrust External CA Root

 #B Subject: ... CN=COMODO RSA Domain Validation Secure Server CA
    Issuer:  ... CN=COMODO RSA Certification Authority

 #R Subject: ... CN=AddTrust External CA Root
    Issuer:  ... CN=AddTrust External CA Root

Obviously, the order does not match. The first certificate, #L, is correctly the leaf certificate. But the following certificate, #A, does not sign #L, as you can see from the fact that the subject of #A does not match the issuer of #L. Instead, #B signs #L, #A signs #B, and #R signs #A. #R is then the root certificate, which should not be included at all.

To fix:

  • leaf #L as the first
  • move #B up so that it is directly after #L
  • move #A down so that it is directly after #B
  • remove #R because the root certificate should not be included (it will usually be ignored if included, but it is bad style).
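
The reordering described in this answer can be checked mechanically. The following is an added example, not part of the original answer: it reads the subject/issuer pairs that `openssl pkcs7 -print_certs` prints for a bundle and returns them in leaf-to-intermediate order with self-signed roots set aside. The function names and the sample text (names shortened to the CN) are constructed for illustration, and the matching is by name only, without signature verification.

```python
# Added example: name-based chain ordering; it does not verify signatures.
# SAMPLE is constructed (names abbreviated to the CN) in the format printed by:
#   openssl crl2pkcs7 -nocrl -certfile bundle.pem | openssl pkcs7 -print_certs -noout
SAMPLE = """\
subject=CN = tiendaganadera.com
issuer=CN = COMODO RSA Domain Validation Secure Server CA
subject=CN = COMODO RSA Certification Authority
issuer=CN = AddTrust External CA Root
subject=CN = COMODO RSA Domain Validation Secure Server CA
issuer=CN = COMODO RSA Certification Authority
subject=CN = AddTrust External CA Root
issuer=CN = AddTrust External CA Root
"""

def parse_print_certs(text):
    """Return [(subject, issuer), ...] in the order the bundle lists them."""
    certs, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("issuer=") and subject is not None:
            certs.append((subject, line[len("issuer="):].strip()))
            subject = None
    return certs

def order_chain(certs):
    """Leaf stays first; each following cert must be the issuer of the one
    before it. Self-signed roots and unrelated certs are returned as dropped."""
    if not certs:
        return [], []
    # Candidate issuers: everything after the leaf that is not self-signed.
    by_subject = {s: (s, i) for s, i in certs[1:] if s != i}
    ordered = [certs[0]]
    while ordered[-1][1] in by_subject:
        # pop() so a name loop cannot make the walk run forever
        ordered.append(by_subject.pop(ordered[-1][1]))
    dropped = [c for c in certs if c not in ordered]
    return ordered, dropped

if __name__ == "__main__":
    listed = parse_print_certs(SAMPLE)
    ordered, dropped = order_chain(listed)
    print("already in order:", listed == ordered)
    for subject, _ in ordered:
        print("keep:", subject)
    for subject, _ in dropped:
        print("drop:", subject)
```
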