Ingress Gateway using Let's Encrypt include intermediate certificate

I just haven’t found the magic recipe to make this work today. Does anyone have an example of where to add the intermediate certificate when using ServerTLSSettings.credentialName of the Istio Gateway object? The cacert key is specifically for mtls but we’re just trying to serve a website through the istio gateway using a server certificate. SSL Labs reports the missing intermediate certificate and so we’re trying to fix the certificate chain to include it.

Is this an additional field on the existing secret that credentialName is pointing to? is it a secondary separate secret similar to how mtls is described? Do I have to put the intermediate certificate into the ingressgateway-ca-certs or ingressgateway-certs? I’ve tried all of the above, so lost :smiley: