Gmail app cert not trusted

I read it as [case sensitive (with complete lack of sensitivity = insensitive)]:

--server letsencrypt --preferred-chain "DST Root CA X3"
2 Likes

Not according to these docs. Partial strings work and it is not case sensitive.

Are you reading Certbot docs again :slight_smile:

2 Likes

I read case-insensitive as case-sensitive ... :man_facepalming:
Time for new glasses ... so, I can find the :beer: I'm lacking!

3 Likes

:beer: :goggles:

1 Like

Tape the :beer: mug to the :goggles: and you're on to something!

2 Likes

Already used it and still having the issue on Android... The Windows 10 PC is working perfectly, though.

...and I tried browsing in Chrome to some current Let's Encrypt website like debian.org or deleo.co.kr, and after that, when I hit my site inverlandpanama.com, it browses perfectly.

weird issue eh!

Did it replace/update the cert chain?

3 Likes

The mail server is still using the "short chain" as shown by this SSL Checker. You can tell because there are only 2 certs but the default "long chain" has 3.

Where do you specify the certs for your mail server?

3 Likes

Well, what I did was issue a new cert and install it, but adding the --server and --preferred-chain parameters:

acme.sh --issue --webroot /home/webmyqmj/public_html -d inverlandpanama.com -d www.inverlandpanama.com --server letsencrypt --preferred-chain DST --force
[Mon May  1 16:58:28 EDT 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon May  1 16:58:28 EDT 2023] Multi domain='DNS:inverlandpanama.com,DNS:www.inverlandpanama.com'
[Mon May  1 16:58:28 EDT 2023] Getting domain auth token for each domain
[Mon May  1 16:58:28 EDT 2023] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: inverlandpanama.com,www.inverlandpanama.com, retry after 2023-05-03T04:09:50Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/",
  "status": 429
}
[Mon May  1 16:58:28 EDT 2023] Please add '--debug' or '--log' to check more details.
[Mon May  1 16:58:28 EDT 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

How? As I posted just before you, your mail server is still using the short chain.

I don't think your command for acme.sh worked right to get the long chain as your cert was just created (per SSL Checker) but still has short chain.

What process do you use to "install" to your mail server?

2 Likes

...Sorry, but I'm a noob... Is it possible to manage that in jailed SSH? The server is Namecheap shared.

Misuse of the force :frowning:

4 Likes

Fear the dark side.

3 Likes

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.

2 Likes

It seems so, since your most recently issued cert is showing up in the SSL Checker for your mail port, but just with the wrong chain.

If you don't know how that is configured, you should ask Namecheap.

See the latest cert here
https://tools.letsdebug.net/cert-search?m=domain&q=inverlandpanama.com&d=168

Is the same as shown here for port 465 (and 443 for HTTPS too)

3 Likes

Where exactly do I distinguish that the short chain is the default one?

That question is very specific to acme.sh.
You may get better help through their support channel(s).

2 Likes

That question is very specific to acme.sh.
You may get better help through their support channel(s).

I'm talking about letsdebug.net.

BTW, I was looking for GitHub support and I see that project takes a long time to answer questions.

Should I switch to Certbot?

hmm...

2 Likes

The short chain is definitely not the default from Let's Encrypt. You must have set it that way.

To see what the short and long chain look like, use that SSL Checker site I linked for your site and for letsencrypt.org, which uses the default chain (of 3 certs).

2 Likes
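
The short-versus-long chain check discussed in this thread can also be done locally. The Python below is an added example (not from the thread or from acme.sh): it parses the chain summary that `openssl s_client -connect HOST:465 -showcerts` prints, counts the certificates the server sent, and tests the topmost issuer against a preferred-chain string using the partial, case-insensitive match described above. The sample outputs and the host name mail.example.com are constructed.

```python
import re

# Constructed sample: the "Certificate chain" summary printed by
# `openssl s_client -connect HOST:465 -showcerts` for a 2-cert (short) chain.
SHORT_CHAIN = """\
Certificate chain
 0 s:CN = mail.example.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
"""
# Constructed sample: the same server sending the 3-cert (long) chain.
LONG_CHAIN = SHORT_CHAIN.replace("---\n", """\
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
""")

# An "N s:<subject>" line immediately followed by its "i:<issuer>" line.
ENTRY = re.compile(r"^[ \t]*(\d+) s:(.*)\n[ \t]+i:(.*)$", re.M)
CN = re.compile(r"CN\s*=\s*([^,/]+)")  # tolerates "CN = x", "CN=x", "/CN=x"

def _cn(dn):
    """Return the common name from a distinguished name (whole DN if absent)."""
    m = CN.search(dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(s_client_output):
    """Return [(subject_cn, issuer_cn), ...] in the order the server sent them."""
    return [(_cn(s), _cn(i)) for _, s, i in ENTRY.findall(s_client_output)]

def check_chain(s_client_output, preferred):
    """Summarise the served chain and compare its top issuer with `preferred`."""
    chain = parse_chain(s_client_output)
    # Each certificate should be issued by the next one in the list.
    ordered = all(chain[n][1] == chain[n + 1][0] for n in range(len(chain) - 1))
    top_issuer = chain[-1][1] if chain else ""
    return {
        "certs_sent": len(chain),
        "ordered": ordered,
        "top_issuer": top_issuer,
        # Partial, case-insensitive match, as described for --preferred-chain.
        "matches_preferred": preferred.lower() in top_issuer.lower(),
    }

if __name__ == "__main__":
    for name, text in (("short", SHORT_CHAIN), ("long", LONG_CHAIN)):
        print(name, check_chain(text, "DST"))
```

Run it against each port the certificate is installed on (443 and 465 in this thread), since a web server and a mail server can be configured with different chain files.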