How to use DST root post July 8 2020

Hi Team,

We are using several letsencrypt certificates in our Org. We came to know that ISRG root will be used by default when we provision certificate using certbot. Please tell us the steps to manually configure our servers to continue using the cross-signature from IdenTrust (DST root) using certbot.


1 Like

Swap out chain.pem with the intermediate certificate signed by the DST root (it could be that file isn’t used by your software, but I guess it’s good practice to keep everything the same; also, I’m using chain.pem in the next example :wink:). You’d also need to modify or remake fullchain.pem (cat cert.pem chain.pem > fullchain.pem) as that file also contains the intermediate certificate.

You can find all relevant certificates on

1 Like

Certbot might add a way to choose the issuer certificate, depending on what actually ends up happening.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.