How to request IdenTrust intermediate CA


I’ve just read the announce:
i quote:

Subscribers who need to support very old TLS/SSL clients may wish to manually configure their servers to continue using the cross-signature from IdenTrust

How can i do this? how can i make my renew after Jul 8 2019 to continue to be issued by the IdenTrust intermediate CA?
I’ve checked the certbot documentation but i can’t find any specific parameter.
I must support some legacy clients, that’s why i need to do this.

thank you,


Hi @davideg,

You can find the Identrust cross-signed intermediate certificate on our certificate chain page. Here’s a direct link:

I have to defer to someone on the Certbot side of things to advise you on how to change your usage to prefer the cross-signed intermediate and not the chain returned from the ACME server.


I don’t believe that we currently have a feature to automate this task, so I’ll create an issue in our issue tracker to propose it. I assume it will become much more relevant to our users after July!


I created to track this issue for Certbot (without proposing a particular solution yet).