Certificate Updated CA - R11 still pointing to ISRG Root X1

jrey

My Let's Encrypt certificate renewed again last night on time and as expected. This has been working well. And the certificate works in all areas I use it in.

The Certificate Authority (chain) however doesn't seem correct as the R11 still chains up to ISRG Root X1 which is set to expire in Sept

I confirmed the "1" certificate count shown on the ISRG Root X1 by looking first in the config.xml and checking the R11 caref attribute does in fact point to the refid of the X1 certificate.
Second check was then looking at the chain in a browser the is using the certificate

Have I missed something? the renewal process has been working fine for several cycles (months, even on prior versions). Currently on 24.03 and acme is at 0.8_1

Thanks

jrey

Resolved

Found some documentation on Let's Encrypt (I really though the CA change would be handled automatically, apparently not)

What I did was grab the pem they have listed, create a new CA with the same name, paste the pem and save the new CA

The chain "Certificates" immediately changed to the new CA removing the count of 1 from the Sept 2024 soon to expire CA and assigning it to the new one (likely would have been fine to just replace the cert pem data in the original and update it.)