Invalid intermediate certificate

Hello,
Recently, we noticed that the certificate does not work correctly in some devices, the site https://www.whynopadlock.com/ displays the following error:

You have an invalid or missing intermediate (bundle) certificate. This may not break your padlock on all browsers, but will on others. Please contact your SSL Vendor for assistance with this error.

It seems that the intermediate certificate of let's encrypt is no longer valid, I checked , it will expire in March 2021
Please can you give me a valid let's encryp intermediate certificate?
I thank you in advance.Intermediate_certificate_expire_date

2 Likes

Let's Encrypt recently updated its intermediate certificate from "Let's Encrypt Authority X3" to "R3".

If you use a well-behaved ACME client, it would have automatically started using the new intermediate at your last renewal. You shouldn't have noticed any difference.

In your case, perhaps you have been hardcoding the intermediate certificate. If that's the case, you'll need to use the new intermediate, which you can find on https://letsencrypt.org/certificates : https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem

5 Likes

Rather than hardcoding the current intermediate, I would like to advise to fix the ACME client/setup to not hardcode the intermediate at all.

4 Likes

Thank you very much it works with the new intermediate certificate. In our case, we import our certificates (the certificate issued by lest's encrypt and the intermediate certificate) into FortiWeb, so I downloaded the new intermediate certificate by following the link you gave me, then I imported it into Fortiweb.

2 Likes

As stated, this might not be a future-proof "fix". It's more of a temporary workaround waiting for the same issue to come up one day.

3 Likes