+
+
+ # openssl seems to generate a file (ca_chain.pam) in an order it
+ # cannot then use (the key applies to the first cert in the file?).
+ # Generate a shuffled one.
+ cd example.$tld/server1.example.$tld
+ openssl pkcs12 -in server1.example.com.p12 -passin file:pwdfile -cacerts -out cacerts.pem -nokeys
+ cat server1.example.com.pem cacerts.pem > fullchain.pem
+ rm cacerts.pem
+ cd ../..