Alternative chain paths #68
Comments
|
Sorry for the slow response on this one. I don't know off-hand what simp_le is doing differently; I'll try to find time in the next week to sit down and figure it out (but I wanted to at least respond in the meantime, rather than just not acknowledging the issue). |
|
I don't think simp_le does things differently than certbot, I have certificates created by both and they both have the same chain : mydomain.tld > Let's Encrypt Authority X3 > DST Root CA X3 (as does Let's Encrypt community board). The demo page you linked is providing two chains, the one that seems to be provided by default by simp_le or certbot and the second one with ISRG Root X1. I don't think there is an option in certbot to get that chain instead of the one that is cross signed by DST Root CA X3. |
|
Thanks for reply and for the links. I have found only the one with ISRG Root X1. It seems that DST Root X3 is the standard one. @buchdag I don't think that the page offer 2 alternative chains (see |
|
@buchdag thanks for investigating this. |
Thank you for maintaining
simp_letool.I have a question about alternative chains for issued certificates, which are described in Chain of Trust
I use
simp_lewith-f fullchain.pemparameter and it saves 2 certs in the file:Which is correct and trusted with IdenTrust DST Root CA X3. But if I look on Let's Encrypt demo webpage, it sends following chain:
So my question is why simp_le generates chain with DST Root CA X3 and demo page is with ISRG Root X1? Is there some way to generate chain with both alternative paths?
The text was updated successfully, but these errors were encountered: