I just renewed one of my certificate on my centos/haproxy server, and I noticed something interesting that I do not understand! (I’ve been manually renewing and running scripts while I perfect my scripts since I have quite a bit going on – hopefully the next renewal will be fully automated)
When viewing the certificate in my browser, I can see that on the General tab the certificate is ‘Issued by’ the X3 CA, but if I hit the ‘Certification Path’ I see that the chain is:
“DST Root CA X3”->“Let’s Encrypt Authority X1”->“My certificate”
Do I have something messed up on my ca-bundle on my server, or is this normal behavior? Do I have the better compatibility with XP that X3 offers, or am I functioning off of X1’s compatibility?
Either way, I absolutely love this service and recommend it to everyone I get a chance to interact with. You’re doing great things here!