﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
2125	ssl_trusted_certificate for parallel ECDSA and RSA usage	rdevq@…		"As ECDSA is on its way to becoming the new standard, it is important to have both ECDSA and (at some point legacy) support for RSA. This setup currently works very well:

{{{
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.ecdsa.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.ecdsa.pem;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.rsa.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.rsa.pem;
}}}

Yet if one uses ssl_trusted_certificate in such a parallel setup, the following does not work:

{{{
ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.ecdsa.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.rsa.pem;
}}}

Returning the error:

{{{
nginx: [emerg] ""ssl_trusted_certificate"" directive is duplicate in /etc/nginx/sites-enabled/example.com.conf:50
}}}

Shouldn't it be also possible to have two certificates available here? Sorry if this is the wrong ticket type, I'm new here."	defect	closed	major		nginx-core	1.19.x	invalid			Linux main 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux	"nginx version: nginx/1.14.2
built with OpenSSL 1.1.1d  10 Sep 2019 (running with OpenSSL 1.1.1i  8 Dec 2020)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-Cjs4TR/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-subs-filter"
