Old X1 Intermediate Let's Encrypt certificate is being used by a new X3 certificate

Created:

2017-03-06 19:24:45 UTC

Modified:

2017-08-08 13:44:17 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Old X1 Intermediate Let's Encrypt certificate is being used by a new X3 certificate

Applicable to:

  • Plesk for Windows

Symptoms

Wrong CA certificate is added to the certificate's chain:

Let's Encrypt Authority X1 is used instead of Let's Encrypt Authority X3 .

Cause

This behavior caused by specific algorithm of Let's Encrypt certificate.

Resolution

  1. Remove X1 certificate from Trusted Root and from Intermediate Certification Authorities :
    Start > certmgr.msc> Trusted Root/Intermediate Certification Authorities
  2. Remove the following regedit records related to certificates:
    reg delete HKU\S-1-5-18\Software\Microsoft\SystemCertificates\CA\Certificates\3EAE91937EC85D74483FF4B77B07B43E2AF36BF4 /f
    reg delete HKLM\Software\Microsoft\SystemCertificates\CA\Certificates\3EAE91937EC85D74483FF4B77B07B43E2AF36BF4 /f
  3. Restart IIS:
    iisreset /restart
  4. If the issue persists, reassign the certificate by selecting None and then back in domain's Hosting Settings .

Additional information can be found here .

Have more questions? Submit a request
Please sign in to leave a comment.