You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On 11/02/2024 some letsencrypt certificates where updated in our cluster, and they were generated with the old certificate chain (signed by DST Root CA X3). We had configured as preferredChain in the clusterissuer "ISRG Root X1". It seems that after letsencrypt change in the default chain provided, the preferredChain configuration is not working properly.
To solve this, we removed the preferredChain configuration in the clusterissuer, and the certificate provided by letsencrypt was the right one (signed by ISRG Root X1). Is anyone else having this issue?
Our cert-manager version is 1.12.3
The text was updated successfully, but these errors were encountered:
germanmichelena-dia
changed the title
preferredChain behaviour for letsEncrypt certificates after february 8
PreferredChain behaviour for letsEncrypt certificates after february 8
Feb 14, 2024
On 11/02/2024 some letsencrypt certificates where updated in our cluster, and they were generated with the old certificate chain (signed by DST Root CA X3). We had configured as preferredChain in the clusterissuer "ISRG Root X1". It seems that after letsencrypt change in the default chain provided, the preferredChain configuration is not working properly.
https://community.letsencrypt.org/t/shortening-the-lets-encrypt-chain-of-trust/201580
To solve this, we removed the preferredChain configuration in the clusterissuer, and the certificate provided by letsencrypt was the right one (signed by ISRG Root X1). Is anyone else having this issue?
Our cert-manager version is 1.12.3
The text was updated successfully, but these errors were encountered: