I have a Sophos UTM 9 with web protection enabled. I found an identical topic started by @VWR32NZ very helpful in converting the Lets Encrypt cert into PKCS#12 format. However on Android (Chrome) I was receiving the error: NET::ERR_CERT_AUTHORITY_INVALID and Qualys SSL Labs stated my certificate chain is incomplete.
Adding the -certfile flag fixed this problem for me. Below is my revised statement:
$ sudo openssl pkcs12 -export -out subdomain.example.com.pk12 \ -in /etc/letsencrypt/live/subdomain.example.com/cert.pem \ -certfile /etc/letsencrypt/live/subdomain.example.com/cert.pem \ -inkey /etc/letsencrypt/live/subdomain.example.com/privkey.pem \ -name Cert-subdomain.example.com
I am hardly an expert in certificate management, and don’t know if specifying both intermediary certificates is possible or advantageous. Additional advise from a pro would be much appreciated if warranted.
Thanks for Lets Encrypt, this is the best thing I’ve played with in a long while!