My domain is: hermetic.ch. My ISP is LuxSci. The Sectigo SSL for this site expired a few days ago, and I'm trying to get a Lets Encrypt certificate. I've got an SSL cert several times since last year for my other websites using the Griffin's excellent CertSage. It gives me the files:
account.key, certificate.crt and certificate.key
which I send to my ISP, which installs the cert. No problem before.
But when I do this for hermetic.ch (currently marked by my ISP as 'parked' or 'not configured') my ISP says, "We won't be able to install the SSL with those. We don't need a certificate KEY. What we need is the intermediate SSL Certificate, which is not a KEY file."
I recall a similar case earlier where the support person said this, but it proved to be a mistake, and the 3 files were in fact sufficient to install the cert. Does the Griffin have a comment?
Weird. Every certificate used in TLS also requires the corresponding private key. I'm not that familiar with CertSage, but I'm pretty sure certificate.crtalso contains the intermediate cert in the form of the full chain? @griffin could tell us more about that tho.
I'm not ruling out a misunderstanding between you and your ISP tho.
The problem, as usual, had a human cause. The first person at LuxSci Help (who is not a newbie) was not aware that "The certificate.crt contains your cert and chain." When a more experienced person came on the scene he said, "I was able to successfully add the SSL." Problem solved.