How to make Traefik include the full CA chain?

Hello,

I use Traefik v1.7.20.
Testing my domain with openssl, I get:
verify error:num=20:unable to get local issuer certificate

I have a PEM file, that includes everything:

  • private key
  • server cert
  • intermediate cert
  • trusted CA cert

Which looks like this:

-----BEGIN PRIVATE KEY-----
<base64 encoded private key>
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<base64 encoded server certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<base64 encoded intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<base64 encoded trusted CA certificate>
-----END CERTIFICATE-----

On the other hand, Traefik accepts 2 files for TLS:

  1. key file
  2. cert file

I believe that it is expected the cert file to include the full CA chain (i.e. the last 3 parts from above example).
However, based on this SO post, I understand that DER encoded files cannot be used as containers for multiple certificates, which per my understanding -- allows only 1 certificate in the cert file.

How am I supposed to work this our then?