I'm using certbot with dns-standalone authenticator using the command: certbot certonly --config-dir . --preferred-challenges dns --authenticator certbot-dns-standalone:dns-standalone -d sitename This works fine but I just checked the fullchain.pem and it seems the root certificate in the chain is…

Fullchain.pem still including root "ISRG Root X1" signed by "DST Root CA X3"

JamesLE July 5, 2021, 4:07am 2

Yes, here’s an explanation: Production Chain Changes

2 Likes

Topic		Replies	Views
ISRG Root X1 in chain.pem? Server	6	1564	December 10, 2018
How to use DST root post July 8 2020 Help	3	629	July 1, 2020
With '--preferred-chain "ISRG Root X1"' fullchain.pem doesn't contain the ISRG Root X1 certificate Help	7	3464	November 14, 2021
Windows: invalid cert when fullchain.pem ISRG Root X1 is cross-signed by expired DST Root CA X3? Help	10	2296	June 4, 2022
How to obtain a certificate with sole root CA of ISRG Root X1? Help	6	6043	January 3, 2021