Allow having ssl-enabled site without chain
diff --git a/nginx/files/_ssl.conf b/nginx/files/_ssl.conf
index d83beac..57b7661 100644
--- a/nginx/files/_ssl.conf
+++ b/nginx/files/_ssl.conf
@@ -6,7 +6,13 @@
ssl_session_timeout 10m;
{%- if site.ssl.engine is not defined %}
ssl_certificate_key /etc/ssl/private/{{ site.host.name }}.key;
+
+ {%- if site.ssl.chain is defined or site.ssl.authority is defined %}
ssl_certificate /etc/ssl/certs/{{ site.host.name }}-with-chain.crt;
+ {%- else %}
+ ssl_certificate /etc/ssl/certs/{{ site.host.name }}.crt;
+ {%- endif %}
+
{%- elif site.ssl.engine == 'letsencrypt' %}
ssl_certificate /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ site.host.name }}/privkey.pem;
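Review bot: The new `else` branch makes nginx present only the leaf certificate `/etc/ssl/certs/{{ site.host.name }}.crt`. That is fine for a self-signed or root-issued certificate, but if the certificate comes from an intermediate CA and the pillar simply omits `chain`/`authority`, clients that do not fetch intermediates themselves will fail validation. A template comment above the branch would make the constraint visible, for example `{#- no chain/authority in pillar: leaf only, cert must be self-signed or root-issued #}`. The `is defined` test also counts an empty `chain:` key as a chain being present, which selects `-with-chain.crt`; a truthiness test may be what is intended, so confirm against how the pillar is normally written.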
diff --git a/nginx/server/sites.sls b/nginx/server/sites.sls
index 542a5e0..4a0a2c5 100644
--- a/nginx/server/sites.sls
+++ b/nginx/server/sites.sls
@@ -32,6 +32,8 @@
- require:
- pkg: nginx_packages
+{%- if site.ssl.chain is defined or site.ssl.authority is defined %}
+
{{ site.host.name }}_ca_chain_{{ loop.index }}:
file.managed:
- name: /etc/ssl/certs/{{ site.host.name }}-ca-chain.crt
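Review bot: The guard opened here removes the `{{ site.host.name }}_ca_chain_{{ loop.index }}` state when neither key is set, so any requisite that names this ID, and whatever state assembles `-with-chain.crt`, must sit inside the same `if`/`endif`. The guarded block runs past this hunk and closes in the next one, so this cannot be confirmed from the visible lines. The condition is also a copy of the one in nginx/files/_ssl.conf; if the two drift, nginx is pointed at a certificate file this state does not manage and the config test fails. A comment on the guard such as `{#- keep in sync with the ssl_certificate choice in nginx/files/_ssl.conf #}` would document that coupling.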
@@ -54,6 +56,8 @@
{%- endif %}
+{%- endif %}
+
{% endif %}
sites-available-{{ site_name }}: