Certbot doesn't include root certificate in the chain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: education-ssl.site

I ran this command: cat /etc/letsencrypt/live/education-ssl.site/fullchain.pem

It produced this output: only certificate + intermediate certificate. It stopped showing the root certificate, so the chain is not full. But I can successfully generate a full chain at whatsmychaincert.com

My web server is (include version): vh300, 92.53.96.150, LA 30.85

The operating system my web server runs on is (include version): nginx/1.24.0

My hosting provider, if applicable, is: timeweb.ru

I can login to a root shell on my machine (yes or no, or I don't know): idk

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): idk but I'm using termius to log in to the server and use certbot there

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot version 0.40.0-1ubuntu0.1

LE never included the root certificate in the chain, but a zombie cross-sign certificate (because it's past the valid period of its parent, DST Root X3) for old versions of Android. But from 2024/02/08 it was stripped by default, and that expired in June.

6 Likes
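One way to check what a bundle such as fullchain.pem actually contains, as an added example that is not part of the original posts: it lists each certificate's subject and issuer and tests whether the last entry names itself as issuer. The `make_sample` helper, the function names and the "Constructed" certificate names are made up for illustration, and the `openssl` CLI is assumed to be installed.

```bash
#!/bin/sh
# Added example, not from the thread. All sample certificates are constructed.

# Print "subject|issuer" for every certificate in PEM bundle $1, in file order.
list_chain() (
    dir=$(mktemp -d)
    # Split the bundle into one file per certificate block.
    awk -v d="$dir" '/BEGIN CERTIFICATE/ {n++} n {print > (d "/" n ".pem")}' "$1"
    i=1
    while [ -f "$dir/$i.pem" ]; do
        s=$(openssl x509 -in "$dir/$i.pem" -noout -subject -nameopt RFC2253)
        u=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253)
        echo "${s#subject=}|${u#issuer=}"
        i=$((i + 1))
    done
    rm -rf "$dir"
)

# Succeed if the last certificate in bundle $1 names itself as issuer (a root).
# This compares names only; it does not verify the signature.
ends_with_root() (
    last=$(list_chain "$1" | tail -n 1)
    [ -n "$last" ] && [ "${last%%|*}" = "${last#*|}" ]
)

# Build a constructed root -> inter -> leaf hierarchy in directory $1.
make_sample() (
    d=$1; parent=root
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/root.key" \
        -out "$d/root.pem" -subj "/CN=Constructed Root" -days 1 2>/dev/null
    for name in inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$name.key" \
            -out "$d/$name.csr" -subj "/CN=Constructed $name" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -CA "$d/$parent.pem" \
            -CAkey "$d/$parent.key" -CAcreateserial -out "$d/$name.pem" \
            -days 1 2>/dev/null
        parent=$name
    done
    # Leaf + intermediate, the layout of certbot's fullchain.pem.
    cat "$d/leaf.pem" "$d/inter.pem" > "$d/fullchain.pem"
    # Same bundle with the root appended, for comparison.
    cat "$d/leaf.pem" "$d/inter.pem" "$d/root.pem" > "$d/withroot.pem"
)

# Usage: sh chaincheck.sh /path/to/fullchain.pem
if [ -n "$1" ]; then list_chain "$1"; fi
```

A bundle that stops at the intermediate is the expected result here: clients complete the path using the root in their own trust store.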

Thank you, I missed this information

2 Likes