I had a task to renew ssl certificates on a few websites, all went well I tested and was about to close the task when I noticed:
#if on nginx prepare your certificate by combining the two files given to
#you by godaddy
cat yourdomain.com.crt gd_bundle.crt > yourdomain.com_combined.crt
This was not mentionned on godaddy's website per se, but I found it in other threads so I did as suggested above, but did not see any noticeable difference.
I am curious as to what difference there is in combining the two .crt, verses just using the one .crt file?
Because each web-server is required to supply the full certificate chain up to the final subject name, excluding only the first certificate from it - the root CA one. Since lot of CA use intermediate CAs, full chain usually consists of 3 certificates - root CA, intermediate CA and the subject certificate. Thus, usually nginx certificate bundle comprises two certificates in reversed order - first the final CN comes, then the intermediate CA certificate, because the web-server provides the chain in the order that starts from the CN name of the target site. Since most web-servers have only two directives about certificates - the path to the certificate and the part to it's key, you have to concatenate two certificates in one file.
Providing only the certificate with the final CN doesn't break the TLS transport, but is considered a common setup mistake, for example by famous Qualys SSL Test.