Add ssl_trusted_certificate directive.

README.md

 
 ```
   --cert-path (default: /letsencrypt/certs/%s/fullchain.pem) path to the SSL cert.
+  --trusted-cert-path (default: /letsencrypt/certs/%s/chain.pem) path to the CA certs used in SSL stapling.
   --cert-key-path (default: /letsencrypt/certs/%s/privkey.pem) path to the SSL cert's private key.
 ```
 

generate.py

 parser.add_argument('--etcd-port', type=int, help='Port to connect to etcd on', default=2379)
 parser.add_argument('--etcd-host', help='Host to connect to etcd on', default='etcd')
 parser.add_argument('--etcd-prefix', help='Prefix to use when retrieving keys from etcd', default='/docker')
+parser.add_argument('--trusted-cert-path', help='Path to use for trusted CA certificate. Use "%s" for hostname', default='/letsencrypt/certs/%s/chain.pem')
 parser.add_argument('--cert-path', help='Path to use for certificates. Use "%s" for hostname', default='/letsencrypt/certs/%s/fullchain.pem')
 parser.add_argument('--cert-key-path', help='Path to use for certificate private keys. Use "%s" for hostname', default='/letsencrypt/certs/%s/privkey.pem')
 args = parser.parse_args()
       'host': next(iter(networks.values())), # TODO: Pick a bridge sensibly?
       'port': values,
       'certificate': args.cert_path % domains[container][0],
+      'trusted_certificate': args.trusted_cert_path % domains[container][0],
       'certificate_key': args.cert_key_path % domains[container][0]
     })
 

nginx.tpl

     listen 443 ssl http2;
 
     ssl_certificate {{ service.certificate }};
+    ssl_trusted_certificate {{ service.trusted_certificate }};
     ssl_certificate_key {{ service.certificate_key }};
 
     include {{ service.vhosts[0] }}/*.conf;