This discussion has been locked.

LetsEncrypt Certificate untrusted on XG 18.0.4 MR4

Hi Folks

I have a problem with importing a certificate (pfx) into Sophos XG [SFVH (SFOS 18.0.4 MR-4)].

I have a LetsEncrypt certificate which covers 3 domains including wildcards for the domains in the SAN list.
The certificate is in PFX format (private key + fullchain cert). When I import (upload) the pfx file into
the system everything works fine (green confirmation). The cert is added to the store but "Authority" shows a red cross instead
of a green checkmark. This results in the certificate not being available for Web-Publishing rules.

If I import the same certificate (pfx) into XG 18.0.3 MR3 everything is fine and I can use it for Web-Publishing.

The LetsEncrypt certificate's trust chain is

DST Root CA X3 -> R3 -> mydomain.org

So what's the problem here? What's the difference between MR3 and MR4?
When I check CA certstore of the MR4 system I can see that both chain members

- DST Root CA X3
- R3

exist in the store.

So this is weird.

Any ideas?



  • hi,

    when you mouse over the red cross in the certificate list it displays: "Expected issuer /C=US/O=Let's Encrypt/CN=R3"

    so i searched for the active Let's Encrypt R3 intermediate certificate, replaced the cert authority and my Let's Encrypt certificate goes green again ;-)

    more detailed steps:

    1. Go to Menu section "System" -> Certificates -> Certificate authorities

    2. Filter "name" for "lets" to search for letsencrypt entries. There should be one entry. Click on the name or the edit-pencil on the right.

    3. Download https://letsencrypt.org/certs/lets-encrypt-r3.pem or read the instructions on https://letsencrypt.org/certificates/

    4. Choose the downloaded file for "Certificate *" and save the entry.

    5. Click on the tab "Certificates" and check the Authority of your Let's Encrypt certificate.

  • Hi Gerald

    Thank you very much for your help.

    That worked like a charm. Although I had to delete my certificate and re-import again. After that I had the green checkmark.

    I wonder what is wrong in Sophos Cert-Chain. Did they import an old version of R3???

    I mean R3 is valid from Sept 2020 - Sept 2025.

    Regards,

    Oliver
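
Both the fix above and the question about which R3 is in the store come down to whether a given CA file is the issuer the leaf certificate expects. The following is an added example, not part of the original thread or of Sophos tooling: a shell check using the openssl CLI that compares the leaf's issuer name with the CA file's subject and then verifies the leaf against that one CA only. The file names and the demo certificates (two CAs that are both named R3 but have different keys) are constructed assumptions.

```shell
#!/bin/sh
# Added example. usage: issuer_check leaf.pem candidate-ca.pem
# Returns 0 if the CA file issued the leaf, 1 on a name mismatch,
# 2 if the name matches but verification against this CA fails.
issuer_check() {
    leaf=$1; ca=$2
    want=$(openssl x509 -in "$leaf" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer=//')
    have=$(openssl x509 -in "$ca"   -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    if [ "$want" != "$have" ]; then
        echo "name mismatch: leaf expects '$want', CA file is '$have'"
        return 1
    fi
    # -partial_chain lets the intermediate act as the trust anchor,
    # so only the link leaf -> this CA file is tested.
    if ! openssl verify -partial_chain -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
        echo "name matches '$have' but the leaf does not verify against this CA file"
        return 2
    fi
    echo "ok: '$have' issued this certificate"
}

# Constructed test data: two self-signed CAs with the same subject but
# different keys, and a leaf signed by the first one only.
make_demo() {
    d=$1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/C=US/O=Demo CA/CN=R3" \
            -keyout "$d/ca_$n.key" -out "$d/ca_$n.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mydomain.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca_a.pem" -CAkey "$d/ca_a.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Run the demo only when asked: sh issuer_check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_demo "$d"
    issuer_check "$d/leaf.pem" "$d/ca_a.pem"
    issuer_check "$d/leaf.pem" "$d/ca_b.pem"
    rm -rf "$d"
fi
```

To run it against a real PFX, the leaf can first be extracted with `openssl pkcs12 -in file.pfx -clcerts -nokeys -out leaf.pem`.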
