diff --git a/CHANGES b/CHANGES
index 4e7f398cb8..780969125d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@ +5600. [bug] Load a certificate chain file so that the full chain is + sent to DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) + clients that require full chain verification. [GL #2514] + 5599. [bug] Fix a crash when transferring a zone over TLS, after "named" previously skipped a master. [GL #2562]
diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 8a3f5cc41b..d15fc16b1c 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -311,8 +311,7 @@ isc_tlsctx_createserver(const char *keyfile, const char *certfile,
 EVP_PKEY_free(pkey);
 BN_free(bn);
 } else {
- rv = SSL_CTX_use_certificate_file(ctx, certfile,
- SSL_FILETYPE_PEM);
+ rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
 if (rv != 1) {
 goto ssl_error;
 }
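Review bot: Nothing at the `SSL_CTX_use_certificate_chain_file(ctx, certfile)` call in the else branch documents the file layout `certfile` now has to follow; I would add above it `/* certfile is PEM: the server certificate first, then its intermediate CA certificates in order. */`. The replaced call read only the first certificate in the file, whereas this one parses every certificate that follows it and presents those to clients, so a file carrying extra or malformed PEM blocks after the leaf will now either fail to load or change what is sent on the wire. The same ordering requirement belongs wherever the certificate-file option is described for operators, which is not part of this diff. isc_tlsctx_createserver starts and ends outside the hunk, so the key loading that presumably follows is not visible here.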