Why fullchain.cer contain three certificates?

The fullchain.cer created by acme contains three certificates:

cat   fullchain.cer  #I list part of each certificate

-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISA8r1Ru/nVltRJjbcCA7J7mFGMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA0MTAwNTE2MzNaFw0yMjA3MDkwNTE2MzJaMBUxEzARBgNVBAMT
CmxhaGF3YS54eXowggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwij1T
n6GkUu6Vom80ouqn
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7
-----END CERTIFICATE-----

Please explain the role of each file here.

The first is your certificate.

The second is the intermediate (R3)

The third is the cross-signed root certificate (ISRG Root X1)

They make a chain up to a root certificate that is saved on the client. The third one is only needed on Android.

The first the my server side certificate,
The second is the intermediate (R3),
The third is CA certificate ?

Yes, and no.
It's a root cert that chains to another root cert (thus the term "cross-signed").
Some systems will short circuit the chain verification (stopping once they have found a trusted entry) and some don't know that CA and continue onto the next link in the chain (the other CA).

Let's Encrypt has also made an attempt at explaining this in more detail at

I don't know if that additional detail will be helpful or not.

Another way of explaining this is based on the ROLE each certificate plays in the path:

The third "cross-signed root certificate" is included to handle situations in which the "ISRG Root X1 Certificate" is not available in the local Trust Store. In these scenarios, the "cross-signed root" does not function as the CA Certificate (or Trusted Root Certificate), but instead as an (Untrusted) Intermediate Certificate. The "Trust" comes from being (cross) signed by the DST X1 Certificate, which will act as the trusted CA Certificate.

So there are 2 general trust paths:

• ISRG Root X1 in the Trust Store

  1. EndEntity/ Leaf - Domain
  2. Intermediate - R3
  3. CA - ISRG Root X1

• ISRG Root X1 not in the Trust Store

  1. EndEntity/Leaf - Domain
  2. Intermediate - R3
  3. Intermediate - Cross-Signed ISRG Root X1
  4. CA - DST X1 Root

I think that is a very helpful way to describe it, @jvanasco.

It's fair to say that Let's Encrypt's strategy here is unusual in comparison to more commonly encountered trust chains, because of the DST root certificate expiration last year. Most trust chains do not attempt to rely on expired root certificates.

@yufeiluo, the reason for this unusual situation is that Let's Encrypt determined that it could help to maximize compatibility with older devices that do not receive software updates. This is a complicated discussion which was analyzed in some detail here on the forum last year, in topics related to the DST root certificate expiration. It especially has to do with the behavior of Android clients.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.