Append additional certificates to cabundle?

[Jaanus Nurmoja]

My sites were moved to new CPanel server from another that used DirectAdmin with builtin Let's Encrypt functionality. There, after getting certificates from LE I could paste also additional certificates to the CA bundle, appending them to existing ones. In my case the additional certificates (totally 14) were needed to enable Estonian ID-card authentication. And yes, it worked, although every time the LE certs were renewed I had to paste my own bundle again.

Unfortunately, I had to admit that I can't do the same with CPanel/AutoSSL. When trying to add something more to the cabundle field, it start to scream that the bundle is invalid When I paste there only the root certificate then this alert doesn't appear but after installed, this additional one is cut off.

I am using shared host, the CP version is 66.

My questions:

1. what could I do (and/or my hosting provider) just now to enable additional certs for my site(s)?
2. would it be possible to improve Cpanel so that we could install also custom cabundle(s) and AutoSSL wouldn't overwrite them?

Many thanks!

 

[cPWilliamL]

The way this is generally handled is by adding them to your server's trust store:
Certificate Installation with OpenSSL - Other People's Certificates

However, as you are using a shared host, I don't think most admin's would like adding them as it would affect all users on the server. Regarding the improvement from a cPanel side, our checks are done through OpenSSL. So if it's reporting invalid, I believe we will honor that because OpenSSL reports a trust issue.