Hi, how to download let's encrypt new root and intermediate certificate that released on 11th June, 2024

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:aspirezone.qa

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

@georgey , welcome to the community!

You may find the links to the certificates on the page:

6 Likes

Why do you need to download these certs to begin with? Especially intermediates are supplied as chain with every certificate issuance. And if it's about cert pinning: never pin intermediate certificates!

5 Likes

There are very few situations in which you would need to download the Root Certificate. That is usually only done to construct a custom Trust Store, or writing software that analyzes Certificate chains. Almost all usage (99.99999999999%) of a Root Certificate will be "behind the scenes" via the Trust Store in the Operating System, Web Browser, or various programming language libraries.

As @Osiris noted, the relevant Intermediates are supplied as part of the certificate chain with every certificate issuance. The ACME Server supplies this on every issuance, and the ACME Clients should be downloading them on every issuance. The downloadable web versions largely exist for public verification.

Unless you are writing advanced analysis software, managing a Trust Store, trying to extend LetsEncrypt support into legacy software or auditing a suspected server compromise, you should never need to download either file manually.

8 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.