I’ve read the instructions here https://www.inductiveautomation.com/resources/article/lets-encrypt-guide-for-ignition
I ended up using https://www.win-acme.com/ (I’m on Windows) but I can’t figure out how to create the root CA certificate from what is generated by Let’s Encrypt.
Specifically the part that says:
As of the time of this writing, Let’s Encrypt is using DST Root CA X3 as the root CA cert. Copy its contents to a .pem file in a well-known location on your server and let’s reference it as $ROOT_CA_CERT in this document.
Would anyone be able to give some help on this? Thanks!
Concatenate the PEM files. In signing order (root last).
Thanks. So I figured out that I can download the root (missed that before) from here:
But when I concatenate the pem files (with that root one at the bottom) it gives the error: A duplicate certificate was detected
If I just concatenate the chain-only with the root it gives the error: Unable to verify the certificate chain of trust
Am I using the wrong root file?
Try just the root file in that last box. You might only have a three-level complete chain. Or otherwise exclude what you put in the other boxes.
Ah, a few things were wrong on my end. I needed to specify Acme.PreferredIssuer to be “ISRG Root X1” in settings.json for WIN-ACME and download that X1 pem from https://letsencrypt.org/certificates/ and then yes, I just needed the root in that last box, nothing concatenated. Thanks for your help!