This repository has been archived by the owner on Dec 10, 2022. It is now read-only.

Nginx does not include intermediate Letsencrypt certs #17

Closed
ghost opened this issue Feb 11, 2021 · 1 comment

ghost commented Feb 11, 2021

Installation method:
Ubuntu 18.04 install script with PHP7.2->PHP7.4 fix on new Ubuntu 20.04 AWS image.

Looks OK in a browser but fails the healthcheck with the following message...

 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
  [HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen(https://passbol.example.com/healthcheck/status.json): failed to open stream: operation failed

I fixed this by using the fullchain.pem instead of the cert.pem file by replacing the passbolt_certificate.crt symlink in /etc/ssl/certs/. The following patch should do the same although I haven't tested it.

--- setup_nginx.sh.original     2021-02-11 10:22:17.403335794 +0000
+++ setup_nginx.sh      2021-02-11 10:23:13.648014058 +0000
@@ -36,7 +36,7 @@
   if [[ "$(__config_get 'ssl_auto')" == 'true' ]]; then
     if __setup_letsencrypt 'passbolt_hostname' 'letsencrypt_email'; then
       __nginx_config "$script_directory/conf/nginx/passbolt_ssl.conf" "$NGINX_SITE_DIR/passbolt_ssl.conf" 'passbolt_hostname'
-      ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/cert.pem" "$SSL_CERT_PATH"
+      ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/fullchain.pem" "$SSL_CERT_PATH"
       ln -s "$LETSENCRYPT_LIVE_DIR/$passbolt_domain/privkey.pem" "$SSL_KEY_PATH"
       __ssl_substitutions
       enable_service "$nginx_service"
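Review bot: the changed `ln -s` on the `+` line has no `-f`, so it fails with "File exists" whenever "$SSL_CERT_PATH" is already present. A host that already has the cert.pem link, as in this report, would keep serving the leaf certificate alone if the script is re-run. Consider `ln -sf` for both the certificate link and the privkey.pem link below it, or remove the stale link first. The switch to fullchain.pem itself matches what nginx expects in its ssl_certificate file (server certificate first, then the intermediates). Since the patch is stated to be untested, confirm it by re-running the healthcheck after applying it.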
Member

dlen commented Feb 11, 2021

Hi @ngrp-flightcentre-uk !

Thanks a lot for the report and proposed fix! I will take a look in the upcoming days as there are also some other pull requests to address.

@dlen dlen self-assigned this Feb 11, 2021
@dlen dlen closed this as completed in cca687e Feb 25, 2021
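A check for the condition reported in this issue, as an added example that is not part of the thread or of the project's scripts: it reads an nginx config, follows each `ssl_certificate` path through its symlink, and flags files that contain a single certificate. The function names and the fixture are hypothetical, the PEM blocks are constructed placeholders, and counting blocks is a heuristic that does not validate the chain.

```shell
#!/bin/sh
# Added example: flag nginx ssl_certificate files that hold only a leaf
# certificate, so the server would send no intermediates to clients.

# Number of PEM certificate blocks in a file.
pem_cert_count() {
  grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Paths named by ssl_certificate directives (ssl_certificate_key is skipped).
nginx_cert_paths() {
  sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*$/\1/p' "$1"
}

# Print "chain", "leaf-only" or "missing" for each certificate path.
# Returns 1 if any path is not a chain.
audit_nginx_chain() {
  audit_rc=0
  audit_paths="$(nginx_cert_paths "$1")"
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    t="$(readlink -f -- "$p" || true)"   # resolve the symlink target
    if [ -z "$t" ] || [ ! -r "$t" ]; then
      echo "missing $p"; audit_rc=1; continue
    fi
    n="$(pem_cert_count "$t")"
    if [ "$n" -ge 2 ]; then
      echo "chain $p ($n certificates)"
    else
      echo "leaf-only $p ($n certificates)"; audit_rc=1
    fi
  done <<EOF
$audit_paths
EOF
  return "$audit_rc"
}

# Constructed fixture: placeholder PEM blocks, not real certificates.
# $1 is the file the symlink should point at (cert.pem or fullchain.pem).
make_fixture() {
  d="$(mktemp -d)"
  blk='-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n'
  printf '%b' "$blk" > "$d/cert.pem"
  printf '%b' "$blk$blk" > "$d/fullchain.pem"
  ln -s "$d/$1" "$d/passbolt_certificate.crt"
  printf 'ssl_certificate %s;\nssl_certificate_key %s;\n' \
    "$d/passbolt_certificate.crt" "$d/privkey.pem" > "$d/passbolt_ssl.conf"
  echo "$d/passbolt_ssl.conf"
}
```

On a real host, call `audit_nginx_chain` with the path of the installed site config; a `leaf-only` result corresponds to the symlink pointing at cert.pem.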