[firesteelrain]

This is an internal, airgapped network.

We stood up the root CA, created the certificate, imported it, then destroyed the root CA. It’s a common security practice. Root CA can then never be compromised

[wejn]

If you destroy the CA, how do you issue new certs via ACME?

[firesteelrain]

Sub CAs or Intermediate CA

The root CA certificate is used to establish trust in the chain of trust, but it is not directly involved in the certificate issuance process once the trust has been established.