Hi,
Yes, some certificates were renewed and now that Letsencrypt is using both R10 and R11 for RSA keys (since June 2024, see Chains of Trust - Let's Encrypt), it can be that it will be initially signed on one but renewed then on the other one. We detected the issue and adapted the process to ensure correct CA chain would be also distributed by ansible
1 Like