Support choosing preferred chain

### Feature Overview

Let's Encrypt currently has [two certificate chains](https://letsencrypt.org/certificates/) (the default and more widely trusted ISRG Root X1 and the ECDSA ISRG Root X2). I would like to be able to configure my server to prefer the ISRG Root X2 chain.

Certbot supports this with the `--preferred-chain` command line argument (and other tooling such as `cert-manager` and Ansible's `community.crypto.acme_certificate` support similar options).

Any issuer can present alternate cert chains, so this is not Let's Encrypt specific. This also probably would be a configuration of the certificate rather than the issuer resource.

### Alternatives Considered

_No response_

### Additional Context

- [Let's Encrypt Chains of Trust](https://letsencrypt.org/certificates/#chains)
- [`cert-manager` config example](https://cert-manager.io/v1.0-docs/configuration/acme/#use-an-alternative-certificate-chain)
- Ansible [`community.crypto.acme_certificate`](https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html#parameter-select_chain) which allows for more granular control over selecting the chain

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support choosing preferred chain #35

Feature Overview

Alternatives Considered

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support choosing preferred chain #35

Description

Feature Overview

Alternatives Considered

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions