What is CA SSL Certificate (root certificate forwarded by your certificate provider)

cappittall · September 22, 2021, 12:59pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is*:barlokmetal.com*

I ran this command:
sudo certbot certonly --manual --preferred-challenges=dns -d barlokmetal.com
It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/barlokmetal.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/barlokmetal.com/privkey.pem
This certificate expires on 2021-12-21.
These files will be updated when the certificate renews.

My web server is (include version):

The operating system my web server runs on is (include version):
linux - version not available

My hosting provider, if applicable, is:
ihs.com.tr
I can login to a root shell on my machine (yes or no, or I don't know):
no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
CLOUD PHP A - 89847 limited controlpanel, I have entered TXT record while creating certificate at above command
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.19.0

After the above command:

I received a private key file (I viewed with sudo cat /etc/letsencrypt/live/barlokmetal.com/privkey.pem and copied and pasted in "existing certificate section at hosting panel"
I received 3 SSL sertificate when I cat /etc/letsencrypt/live/barlokmetal.com/fullchain.pem file and used first ----BEGIN CERTIFICATE----- -----END CERTIFICATE--- between
At the buttom asking CA SSL Certificate (root certificate forwarded by your certificate provider), I tried some options at the page Chain of Trust - Let's Encrypt but no luck.
How can I retrive this provider certificate

griffin · September 22, 2021, 1:51pm

Welcome to the Let's Encrypt Community, Hakan

The three certificates (one leaf and two intermediate certificates) in fullchain.pem are:

your leaf/end-entity certificate signed by R3
R3 signed by ISRG Root X1
ISRG Root X1 signed by DST Root CA X3

The corresponding root certificate is:

DST Root CA X3 signed by itself

cappittall · September 22, 2021, 6:02pm

Hello @griffin , Thank you very much for your answer. But I am not able to fix the problem yet. Still getting error message from my hosting. I will try more.
Note: I am using only first ----BEGIN CERTIFICATE----- -----END CERTIFICATE--- block. I tried all permutations w/out luck. And your supported link for of [DST Root CA X3 signed]

Still no luck. I keep trying. In case of news I will immediately inform here.

griffin · September 22, 2021, 6:09pm

In order to use that root certificate, you need to use all four certificates.

Try these combinations:

Put all three certificates from fullchain.pem in the certificate box and leave the CA SSL Certificate (root certificate forwarded by your certificate provider) blank
Put the first certificate from fullchain.pem in the certificate box and the last two certificates from fullchain.pem in the CA SSL Certificate (root certificate forwarded by your certificate provider) box

cappittall · September 23, 2021, 5:59am

Thanks @griffin , I tried both

first choice gives error : Sertificate is invalid.
Second choice gives: ERROR : Error Occurred While Creating Certificate!

At the both choice I entered private key at top

griffin · September 23, 2021, 6:57am

Pay very close attention to the header and footer lines of the private key you are pasting.

They probably look like this:

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

Modify them to look like this:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

griffin · September 23, 2021, 6:59am

If that step fails, combine that step with using this as your CA SSL Certificate:

https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem

cappittall · September 23, 2021, 7:14am

Hello @griffin, Thank you very much for your kind effort but when I tried both like:

I have changed private key header as you mentioned.
At : SSL Certifacate: I used first blok of certificate.
At CA SSL Certificate: I used both you sent.
also I tried SSL Certifiacate section I tried first blok and all block. But not solved yet.

griffin · September 23, 2021, 7:16am

Please paste the certificate you are using here (just the first one). Do not paste the private key!

cappittall · September 23, 2021, 7:17am

cappittall · September 23, 2021, 7:18am

this is the 3 of them. cat of fullchain.pem

cappittall · September 23, 2021, 7:19am

If you provide email, I can share hosting website. I do not mind to share the password.

griffin · September 23, 2021, 7:23am

You can just private message the credentials to me. Click on my username then click the Message button.

griffin · September 23, 2021, 7:30am

You actually need to create a certificate that covers both barlokmetal.com and www.barlokmetal.com.

sudo certbot certonly --manual --preferred-challenges=dns -d "barlokmetal.com,www.barlokmetal.com"

You will need to create two TXT records in this case.

griffin · September 23, 2021, 7:31am

Got it. I'm flagging your post to prevent leakage.

cappittall · September 23, 2021, 7:31am

ok. I will

cappittall · September 23, 2021, 7:35am

I ask to hosting company to add a new TXT record for new domain . (Waiting answer. Generally they reply 5-10 min)

griffin · September 23, 2021, 7:36am

I'm logged in. Just a minute. Go ahead with getting the new cert.

griffin · September 23, 2021, 4:21pm

This issue is now being handled privately.

rg305 · September 23, 2021, 7:25pm

@cappittall, Make sure you change your password after this is all said and done

Topic		Replies	Views
I want SSL certificate Help	2	473	August 20, 2020
How to get a ssl certificate Help	3	998	March 7, 2022
Struggling with certificate Help	3	532	July 18, 2022
How do i get my ssl cert? Help	2	610	January 26, 2019
Where to Find the SSL Detail Help	2	294	April 7, 2023

What is CA SSL Certificate (root certificate forwarded by your certificate provider)

Related topics