Cisco Expressway Edge server certificate renewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: io.ciscodemo.fi

I ran this command: Cisco Expressway has an ACME client inside, so I don't know the exact command... I tried to renew my existing server certificate by ACME. ACME signed the certificate, but when trying to deploy it I got the error.

It produced this output: "The trust chain for the pending certificate is missing or invalid.: 12/08/20 10:20:45". However, I have the latest root and intermediate deployed on the server.

I have renewed my certs several times before, and this is the first time I am facing issues.

Br,
-Sami-

1 Like

Welcome to the Let's Encrypt Community, Sami 🙂

The primary intermediate certificate recently changed to:
https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
This is its root certificate:
https://crt.sh/?d=8395

There is also an alternate intermediate certificate:
https://letsencrypt.org/certs/lets-encrypt-r3.pem
This is its root certificate:
https://letsencrypt.org/certs/isrgrootx1.pem

Are you serving fullchain.pem (containing both your certificate and the cross-signed R3 intermediate certificate)?

1 Like

Thanks for your quick reply... I installed new root and intermediate certificates. When trying to sign my new CSR I got the error:

Sign Alarm: The request exceeds a rate limit, There are too many certificates already issued for the set of domains:: 12/08/20 13:01:26

Br,
-Sami-

1 Like

The error is correct. You had already acquired five duplicate certificates today even before I had responded. You're limited to five duplicate certificates in a rolling seven-day period. A CSR doesn't actually get signed. It just provides the information necessary to produce a certificate. This is why you can reuse a CSR over and over (though this is inadvisable since you would also be reusing the private key). You don't need to acquire a new certificate. You just need to install one of the certificates you already have. Hopefully you haven't deleted their private keys.

1 Like
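The rolling window described in the reply above, modelled as an added example (not part of the original thread and not Let's Encrypt's or Cisco's code): given past issuance times, it reports whether another duplicate order would be refused and when the oldest blocking certificate ages out. The function names, the sample host names and the timestamps are constructed assumptions; the CA alone enforces the real limit.

```python
from datetime import datetime, timedelta

LIMIT = 5                    # duplicate certificates allowed ...
WINDOW = timedelta(days=7)   # ... per rolling window (figures from the reply above)


def name_set(names):
    """Duplicates cover the same set of names; order, case and a trailing dot do not matter."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)


def duplicate_status(issued, names, now):
    """Return (allowed, retry_at) for a new order covering `names` at time `now`.

    `issued` is an iterable of (issued_at, names) for past certificates.
    All datetimes are assumed to be in the same timezone (UTC).
    """
    wanted = name_set(names)
    recent = sorted(
        ts for ts, cert_names in issued
        if name_set(cert_names) == wanted and now - WINDOW < ts <= now
    )
    if len(recent) < LIMIT:
        return True, now
    # The order is accepted once only LIMIT - 1 duplicates remain inside the window,
    # i.e. when this certificate becomes exactly WINDOW old.
    blocking = recent[len(recent) - LIMIT]
    return False, blocking + WINDOW


# Constructed sample: five issuances for one name on one morning,
# plus one certificate for a different name set (which does not count as a duplicate).
DAY = datetime(2020, 12, 8)
SAMPLE = [(DAY + timedelta(hours=h), ["host.example.com"]) for h in (7, 8, 9, 10, 11)]
SAMPLE.append((DAY + timedelta(hours=9), ["host.example.com", "www.example.com"]))

if __name__ == "__main__":
    ok, retry = duplicate_status(SAMPLE, ["HOST.example.com"], DAY + timedelta(hours=13))
    print("allowed" if ok else f"rate limited until {retry.isoformat()}")
```

Because the window is rolling, the wait is measured from the oldest of the five duplicates, not from the most recent failed attempt.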

Please detail this step(s):

Please also detail the files used:

1 Like

Well... in that case I need to wait till the rolling period has ended. When the certificate installation failed, I discarded/deleted those from the Expressway GUI, so I don't have any pending cert.

1 Like
