Still getting "A valid Root CA Certificate could not be located"


I've been making certificates using win-acme. The web server is 4D. Validation is DNS with DreamHost.

Some SSL checkers say the certificate chain is fine and others report that a valid Root CA could not be located. Why? Geocerts is one of them.

Domain is Note that this is a different server entirely than, but that hasn't mattered before.

Is it that some validation tools don't trust ISRG Root X1? Can I create certificates which use ISRG Root X2 instead?

I'm creating PEM files with the win-acme tool, and 4D uses the full chain and key files. I am not modifying them.

That root certificate is more recent and therefore even less well trusted. Besides, it's also cross-signed by ISRG Root X1, so that little fact isn't of that importance.

No it doesn't. Your server at is only sending the leaf certificate. It might be configured (I dunno) to "see" the full chain, but it isn't using it entirely.

Don't ask me how to change that, as I don't have experience with 4D, win-acme or Windows in general nowadays.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.