diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
index 8558378d1..825fd5eeb 100644
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@@ -176,9 +176,16 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error {
 
 			// The first certificate is the leaf/end-entity certificate which needs DNS
 			// name validation against the URL hostname.
-			opts := x509.VerifyOptions{}
+			opts := x509.VerifyOptions{
+				Intermediates: x509.NewCertPool(),
+			}
 			if i == 0 {
 				opts.DNSName = u.Hostname()
+				for j, cert := range certs {
+					if j != 0 {
+						opts.Intermediates.AddCert(cert)
+					}
+				}
 			}
 			if c.tlsCfg.RootCAs != nil {
 				opts.Roots = c.tlsCfg.RootCAs