Info about http://cert.int-x3.letsencrypt.org/ domain

Hi Guys,

While requesting for a certificate from let’s encrypt using DNS method, my client is communicating with this URL (http://cert.int-x3.letsencrypt.org/) apart from acme-v01.api.letsencrypt.org URL.

I just want to know which service is hosted over this URL.

An interesting fact which i have noticed is that the said URL is hosted over Akamai and i am able to reach this internally (on my Akamai caching servers) while the mail URL (i.e., acme-v01.api) is also on Akamai but i am getting different IP for that URL (and not the which is in my data centre).

Thanks.

http://cert.int-x3.letsencrypt.org/ is a copy of the current Let’s Encrypt Authority X3 intermediate certificate.

https://letsencrypt.org/certificates/

It’s given in the Authority Information Access (AIA) extension of every Let’s Encrypt certificate (well, every one issued by that intermediate). For example:

https://crt.sh/?id=183697052

Your ACME client is probably automatically building the certificate chain (and saving it in a file) that way.

(The API also has a different way to indicate the intermediate(s), with a different URL, which some other clients probably use. Specifically, a Link header currently pointing to a file on the API server itself.)

4 Likes

cert.int-x3.letsencrypt.org can easily be cached and replicated anywhere, while for acme-v01.api.letsencrypt.org most requests must eventually make it back to the origin API server in Let's Encrypt's data center, so these two services probably use different Akamai infrastructure that are made available in different points of presence. Your local Akamai server may serve cached static content like cert.int-x3 but not provide API endpoints like acme-v01, perhaps because it just wouldn't really make them any faster.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.