We use an ICPEDU institutional certificate that is part of GlobalSIgn.
In traefik we are using only the *.company.org certificate and the key. Doing tests on sslabs, informs that the chain of certificates is incomplete.
In apache we use a bundle that contains the ICPEDU Intermediary + GlobalSIgn Intermediary + GlobalSign Root and works like a charm.
In the traefik I made the concatenation including our certificate *.company.org, staying like this:
*.company.org + ICPEDU intermediary + GlobalSIgn Intermediario + GlobalSign Root
This way it did not work and there is always an error informing that no certificate was found.
What is the correct order?