I experience the same issue.
I installed the Intermediary CA in the Openfire trust store so it will recognize Let's Encrypt.
The way they import a certificate is in two parts:
- “Please provide the PEM representation of the private key that should be used to identify Openfire.”
So that’s where I paste the contents of privkey.pem from -----BEGIN PRIVATE KEY----- to -----END PRIVATE KEY-----
- “Please provide the PEM representation of the certificate chain that represents the identity of Openfire. Note that the certificate chain must be based on the private key provided above.”
That’s where I try pasting cert.pem and fullchain.pem - both are not accepted.
"There was an error while trying to import the private key and signed certificate.
Internal server error: The supplied certificate chain does not cover the domain of this XMPP service"
The error message is quite clear.
I think the issue is that a certificate must be valid for the “XMPP domain” which is often NOT the FQDN of the server in question.
You could have a bunch of servers that serve the XMPP domain of company.org.
The FQDN of the servers may be alpha.chat.company.org etc. My Let's Encrypt cert was for the FQDN of the server.
I will try to recreate one and ask it to issue me a cert for two common names: alpha.chat.company.org and company.org.
That might work.
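
The name-coverage point in the post above, as an added example that is not part of the original post and is not Openfire's code: it applies RFC 6125-style dNSName matching to constructed SAN lists to show which certificates would cover the XMPP domain `company.org`. The function names and sample name lists are assumptions, and Openfire's own check may also consider other identity types.

```python
# Added example (not Openfire code): RFC 6125-style dNSName matching.
# All certificate name lists below are constructed sample data.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """True if one SAN dNSName entry covers host.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so *.company.org does not cover
    company.org or alpha.chat.company.org.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.org").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covers(san_dns_names, xmpp_domain):
    """Return the SAN entries that cover xmpp_domain (empty list = not covered)."""
    return [n for n in san_dns_names if name_matches(n, xmpp_domain)]

XMPP_DOMAIN = "company.org"  # XMPP domain used in the post

# Constructed SAN lists for three hypothetical certificates.
SAMPLE_CERTS = {
    "server FQDN only": ["alpha.chat.company.org"],
    "wildcard only": ["*.company.org"],
    "FQDN + XMPP domain": ["alpha.chat.company.org", "company.org"],
}

def report(certs=SAMPLE_CERTS, domain=XMPP_DOMAIN):
    """Map each sample certificate to whether it covers the XMPP domain."""
    return {label: bool(covers(names, domain)) for label, names in certs.items()}

if __name__ == "__main__":
    for label, ok in report().items():
        verdict = "covers" if ok else "does NOT cover"
        print(f"{label:20} -> {verdict} {XMPP_DOMAIN}")
```

Only the certificate that lists `company.org` itself passes; a wildcard for `*.company.org` does not cover the bare domain.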