Letsencrypt certificate chain in AWS API Gateway custom domain trust store

My domain is:letsencrypt-mtlsclient1.abhidhya.com

I ran this command: Trying to use this certificate for mTLS set up in API Gateway, but I'm getting warning saying there are 2 invalid certificate in your trust store bundle. Not sure if there is an issue with the chain as I think ISRG Root X is issued by DST Root CA X3, but that certificate seems to have expired.

What would be correct chain for Letsencrypt certificates issued by R3.

Hi @tiru, and welcome to the LE community forum :slight_smile:

Which ACME client did you use?
Which cert files did you use?


Thanks for your response.

Used certbot. I tried both chain and full chain.

Could you possible add a few details to that?
Brevity here is NOT your friend [it only delays the responses due to lack of understanding].