CertSage problem

My domain is: hermetic.ch. My ISP is LuxSci. The Sectigo SSL for this site expired a few days ago, and I'm trying to get a Lets Encrypt certificate. I've got an SSL cert several times since last year for my other websites using the Griffin's excellent CertSage. It gives me the files:
account.key, certificate.crt and certificate.key
which I send to my ISP, which installs the cert. No problem before.

But when I do this for hermetic.ch (currently marked by my ISP as 'parked' or 'not configured') my ISP says, "We won't be able to install the SSL with those. We don't need a certificate KEY. What we need is the intermediate SSL Certificate, which is not a KEY file."

I recall a similar case earlier where the support person said this, but it proved to be a mistake, and the 3 files were in fact sufficient to install the cert. Does the Griffin have a comment?

Weird. Every certificate used in TLS also requires the corresponding private key. I'm not that familiar with CertSage, but I'm pretty sure certificate.crt also contains the intermediate cert in the form of the full chain? @griffin could tell us more about that tho.

I'm not ruling out a misunderstanding between you and your ISP tho.


That sounds like the "problem".


First, you should not need to send them your account.key.

The certificate.crt contains your cert and chain. If you look at the file you should see three certs all starting with the string -----BEGIN CERTIFICATE-----

The first cert in that file is the "leaf" or "server cert". The others are the intermediates.


The problem, as usual, had a human cause. The first person at LuxSci Help (who is not a newbie) was not aware that "The certificate.crt contains your cert and chain." When a more experienced person came on the scene he said, "I was able to successfully add the SSL." Problem solved.


Glad this was successfully resolved!