Getting Certificates issuers

Hello,

as mentioned here: Deploying Let's Encrypt's New Issuance Chains - #4 by mcpherrinm
the Certificates issuers for staging have changed.

Is there a way to get this issuers in an automated way, like from an api or something else?

Thanks in advance.

Greetings,

huf1

1 Like

I don't think so, though you're not the first person to wish that ACME provided such a system (or that Let's Encrypt had it in a machine-readable way on the web site or the like). It even looks like their documentation page still refers to the old intermediates if I'm reading it right.

Though in theory, all users should usually be caring about is the roots ((STAGING) Pretend Pear X1 and/or (STAGING) Bogus Broccoli X2) and expecting intermediates to change regularly, just like in production. Can you say more about your use case where you want information on the intermediates, and maybe the community here can find a different way to solve your underlying problem? (There might not be a better way than what you're currently doing, but there might be.)

5 Likes

The new staging intermediates are available via their AIA URLs:

http://stg-e5.i.lencr.org
http://stg-e6.i.lencr.org
http://stg-e7.i.lencr.org
http://stg-e8.i.lencr.org
http://stg-e9.i.lencr.org
http://stg-r10.i.lencr.org
http://stg-r11.i.lencr.org
http://stg-r12.i.lencr.org
http://stg-r13.i.lencr.org
http://stg-r14.i.lencr.org

The production URLs are e5.i.lencr.org and similar (without the stg- prefix)

Generally, intermediates are provided via ACME when a certificate is issued, but there may be some circumstances when other intermediates might be needed.

We are working on updating our documentation right now.

8 Likes

While I was looking for something else, I came across a similar discussion from last year, that might be enlightening, about the challenges of clients figuring out what certificate chain they were going to get.

4 Likes

A post was split to a new topic: What time will June 6th change happen at?