• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Let's Encrypt use IdentTrust Intermediate

swd_danielk

swd_danielk

New Pleskian
When Let's Encrypt configures a SSL Certificate on a domain the ISRG intermediate is used. For some applications it's required that the certificate chain contains the IdentTrust cross-sign certificates which should be contained in the fullchain.

I tried to find out how Plesk manages the certificates but couldn't figure out how to change the chain order.

Any ideas on how to change this behaviour?
Thanks in advance!
 
Hi swd_danielk,

pls. have a look at => #2 for further informations. If you desire more help on your topic, pls. consider to ask more specific, because it is unclear at the moment, what you would like to know, or what your goal is.
 
I think @swd_danielk wants to use a different intermediate certificate in the chain when the certificate comes from Let's Encrypt. But that cannot be possible, because the Let's Encrypt authority would need to be verified by the other trust center in that case. The chain is not determined by the client, but by the certificate issuer.
 
Thanks for your responses: I'll try to clarify the issue.

I'm running a website that is protected via Let's Encrypt. The chain contains a certificate for the domain itself issued by Let's Encrypt Authority X3 and the certificate for Let's Encrypt Authority X3 by the DST Root CA X3. This Certificate is signed by ISRG Root X1. According to the Let'sEncrypt website the intermediates are cross-signed by IdenTrust and the application I want to use does not know / accept the Let's Encrypt ISRG Root. The support mentioned that the certificate chain should contain the IdenTrust instead of / in addition to the ISRG intermediate in order to get everything working.

I was unable to figure out how to changes this when Plesk manages my certificates
 
You must log in or register to reply here.

Similar threads

M
Issue Let's Encrypt Bulk Domain Renewal
Replies
4
Views
597
MacGyver
M
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
jradzuweit
Resolved How to update Let'S Encrypt certificate with SSL It!
Replies
4
Views
977
jradzuweit
jradzuweit
B
Issue Can't add a Let's encrypt certificate
Replies
5
Views
641
Sebahat.hadzhi
Sebahat.hadzhi
D
Resolved Let's Encrypt Certificate missing domain name
Replies
2
Views
475
davorg
D
Back
Top