PfSense Acme Cert Intermediary chain not accepted with cross signed cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):
PfSense Netgate SG-2100 running ...
21.05.1-RELEASE (arm64)
built on Wed Aug 04 09:50:08 EDT 2021

The operating system my web server runs on is (include version):
Apache running on RPI 4b but the certificate is offloaded to firewall. When I check the certificate at using godaddy ssl checker or any other checker its says the chain is incomplete (intermediary chain). I have installed the cross linked chain for both certificates in the PfSense Cerftificate manager and using HAProxy to tie to the certificates using the R3.

My hosting provider, if applicable, is: Self hosted at home on RPI4b

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Installing certs local with key and point matrix config to the cert.

Hi @spreckoak and welcome to the LE community forum :slight_smile:

I would recheck those steps.
I only see the cert (no chain at all) being served:

echo | openssl s_client -connect | head
depth=0 CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:CN =
   i:C = US, O = Let's Encrypt, CN = R3
Server certificate

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.