Cause: Web-console used to have an intermediate 'Certificate Chain' field. The cert files were then internally concatenated. SSL certificate providers often issue a 'fullchain.pem' file (or similar) that was confusing to users who didn't know whether to use this file or the non-concatenated files. Finally, the rhc tool to upload SSL certs does not include an 'cert chain' option, when using the rhc tool users have always been required to supply concatenated cert file.
Consequence: Users were getting a 'B rating' and/or 'chain incomplete' warning unless they used the 'fullchain.pem' file.
Fix: Removed SSL Certificate Chain Field from web console. Documented that the user must concatenate SSL cert files into a single file to upload, or upload the already-concatenated file included in the SSL certificate from the SSL certificate provider. Also documented how users should manually concatenate the cert files if the SSL cert provider did not provide a concatenated file.
Result: rhc tool now matches web console. Uploading SSL certs process has been clarified for users.