Problem with ca root certificate ISRG Root X1 with let's encrypt

[xavier02]

Hello,

When i generate (by da webui) a new letsencrypt certificate or renew it , the CA Root Certificate don't contain the ISRG Root X1.
It's only contain the "R3" certificate.

I read the doc https://docs.directadmin.com/webservices/ssl/ssl-and-letsencrypt-for-domains.html and i don't know how to force to use the
--preferred-chain="ISRG Root X1" when i generate a new let's encrypt or renew it (by directadmin webui).

My server version is : up to date
CloudLinux release 8.6 (Leonid Kadenyuk)
/usr/local/directadmin/scripts/letsencrypt.sh #VERSION=2.0.31
custombuild 1.0.37
lego Let's Encrypt client. Version 953d5c85145b6a2b9a52f2d919faf23e04a359b3
and all is update

My target is have in the Ca root both certificates : "R3" and the "ISRG Root X1" in standard x509 and no bundle.

In advance thank you for your help.

 

[zEitEr]

Hello,

Here is a patch for Let's Encrypt script from DirectAdmin to force it to use "DST Root CA X3" instead of "ISRG Root X1" when issuing SSL certificates:

- https://github.com/poralix/directadmin-utils/blob/master/letsencrypt/poralix_patch_chain.sh

For installation run as root:

mkdir -p /usr/local/directadmin/custombuild/custom/hooks/letsencrypt/post/
cd /usr/local/directadmin/custombuild/custom/hooks/letsencrypt/post/
wget -O poralix_patch_chain.sh https://raw.githubusercontent.com/poralix/directadmin-utils/master/letsencrypt/poralix_patch_chain.sh
chmod 750 poralix_patch_chain.sh
/usr/local/directadmin/custombuild/build letsencrypt

The patch will be applied automatically every time by running command:

/usr/local/directadmin/custombuild/build letsencrypt

or you might execute it manually as needed or with cron.

 

[xavier02]

Hello,
Thank you for your quick reply.

This github it's interesting
The solution work.

Have a nice day.