Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Our servers are not able to send intermediate certificate R3 using let's encrypt

    Scheduled Pinned Locked Moved ACME
    1 Posts 1 Posters 517 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      HYDS DevOps
      last edited by

      Our servers are not able to send intermediate certificate R3 using let's encrypt.

      We are using Acme Certificates & Certificate Manager in a 2.4.5 pfSense.

      Due to the root certificate expiration in 29 of September, we followed the instructions in this post (https://forum.netgate.com/topic/166269/heads-up-dst-root-ca-x3-expiration-september-2021/1) in order to renew the certificate.

      Once renewing the certificates through Acme Certificates in pfSense we can see in the Cert. Manager that those certs are being generated but once we try to execute a openssl s_client command (doesn't work with curl either) agains our domains it shows:

      capturapfforum2.png

      Besides once doing a query on ssllabs we can see the following:
      capturapfforum.png

      We can see that the previous certificate is still sent by the server but the new R3 certificate tells us that need "Extra download".

      We believe that our server is not seding the R3 but we can't figure out why.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.