Trying to provision Yealink phone using SSL I have faced the following problem. Yealink provides the list of trusted CAs where we have:
ISRG Root X1 (intermediate certificates: Let’s Encrypt Authority X1 and Let’s Encrypt
Authority X2 are signed by the root certificate ISRG Root X1.)
To certify my server I have created a new LetsEncrypt certificate using certbot. Then I have applied that certificate to the provisioning server and also uploaded it on my Yealink phone. But when I try to provision the phone using that server I get “Unknown CA” Error. I think the problem is that currently certbot generates certificate issued with "Let’s Encrypt Authority X3”. Meanwhile even latest versions of Yealink firmware trust to “Let’s Encrypt Authority X1” and “Let’s Encrypt Authority X2”.
My question is: Is there any way (maybe some key) to force the certbot generate certificate issued by “Let’s Encrypt Authority X2”, not X3.