Why is LetsEncrypt issuing certificates with the old root

My domain is: https://status.globalminimalism.com/ and we requested a cert issue yesterday and LE issued a certificate with the old root that is expired.

We've issued certificates with greenlock (greenlock - npm)

Please help!

1 Like

you're sending no chain.

https://www.ssllabs.com/ssltest/analyze.html?d=status.globalminimalism.com&s=3.132.16.150&latest
https://whatsmychaincert.com/?status.globalminimalism.com
https://decoder.link/sslchecker/status.globalminimalism.com/443

2 Likes

Thank you @hebbet . This helps a ton!

2 Likes

@nawazdhandala Looks like you are now serving the fullchain with the DST Root CA X3. That is the default chain from Certbot - if that is what you are using. Here is an explanation of these chains and why the 'old root' is still part of the chain (in short, to retain compatibility for older android clients):

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.