I use API and get CSR signed by Let’s Encrypt Intermediate X1 CA Certificate from this page
When I used official client last time (more than a month ago, with preapproval), I got Let’s Encrypt Authority X1 Intermediate listed here
Am I missing something obvious?
Somewhat close topic is here
However, I’ve checked peteg.org:
openssl s_client -showcerts -connect peteg.org:443
It uses certificate issued by “right” Let’s Encrypt Authority X1 CA
peteg.org certificate is valid from “Mon, 26 Oct 2015 23:04:00 UTC” (the issue was discussed next day)
Ouch, these different intermediate have same public key.
Sorry, feel stupid…
You should obtain the intermediate by using the link with the
up relation in the headers of the certificate response.
Ok. I’ll need to learn how to do it first.