Our web site is running on Ubuntu 14.04 LTS- Apache 2.4.7-PHP5-FPM and is secured by Let’sEncrypt. We are moving to Akamai CDN and they want the entire site (www.ourdomain.com) CNAMEd to Akamai.
As part of the process, they have procured a CSR for www.ourdomain.com from Symantec and have sent us the same in .txt & .pem format, with a request to sign it on our server using LetsEncrypt and then send them the signed bundle. They will then upload this certificate to their servers.
Now, my understanding is that I could configure OpenSSL on our server to create a CA and then sign the CSR sent by Akamai using using x509 or ca modules, but that would be equivalent to a self-signed cert because the Certification Authority would not be trusted.
So, is it technically possible to sign the Symantec CSR using LetsEncrypt on our server? I am doubtful, as our server already has LetsEncrypt certs for ourdomain.com and www.ourdomain.com and I believe that signing the Symantec generated CSR on our server with LetsEncrypt for the same domains will actually replace the existing certs on the server.
It would be great if someone could chime in on this curious issue.