ISRG Root X1 not updated to self-signed version
-
I run Plus 24.03-RELEASE, with all current patches along with acme 0.8_1. I use acme to source Let’s Encrypt certificates for several domains with Cloudflare DNS.
After the Let’s Encrypt “Chains of Trust” changes from 6 June 2024 I have renewed all my certificates which now have intermediate CAs of ISRG R10 or Rll, I have deleted the old R3 CA.
Certificate manager is still showing ISRG Root X1 valid from 20 Jan 2021 to 30 Sept 2024 i.e. the cross-signed version, not the self-signed version valid from 4 June 2015 to 4 June 2030.
I have tried adding a new domain via acme but that has used the existing ISRG Root X1.
Will acme automatically update ISRG Root X1 before 30 Sept 2024 or do I need to act?
If action is required, can I simply paste the self-signed pem contents into the existing CA entry for ISRG Root X1?
-
Did you ever figure this out? I have the same question and September 30 is getting closer every day.
-
@PatRyan I pasted the self-signed pem contents into the existing CA entry for ISRG Root X1 and all has been fine.
-
I personally deleted the existing CA entry for ISRG Root X1, all seems to be working fine and certs are renewing.
-
@AMG-A35 Could you please explain where to get this self-signed pem contents and where to put them into?
-
@accidentallyadmin Looking at posts here and Reddit looks like simply deleting ISRG Root X1 and the renewing certificates works fine.
