Hi
So according to the news
Let’s Encrypt plans to move to the ISRG signed intermediate certificate from September 29 onwards. There was a line that states those wishing to support old SSL clients may can manually configure servers to use the cross signed intermediate cert. What does this mean?
We either keep the cross signed one or obtain it from their website and, create and install full chain ourselves?
Many ACME clients have been, or are being updated to support automatic chain selection according to user preference.
What client are you using?
thanks for being understanding!
I’m using certbot
Certbot gained the ability to automatically use the legacy root in its 1.6.0 release:
--preferred-chain "DST Root CA X3"
Unfortunately, many common Linux distros won’t have that version of Certbot packaged yet. However, the new snap packages can be installed on a wide variety of systems, and will always be the newest version.
thanks buddy!
It’s actually available on mine, I realized I did not retrieve the full help
./letsencrypt-auto --help all
--preferred-chain PREFERRED_CHAIN
If the CA offers multiple certificate chains, prefer
the chain with an issuer matching this Subject Common
Name. If no match, the default offered chain will be
Appreciate it once again and hope this also helps others
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.