360 company's browser currently occupies a huge market share in Mainland China, they have previously launched their own trust store.
I guess they deployed their own trust store because many people in Mainland China are unwilling to open Windows Update, and the 360 browser supports Windows XP so far.
Therefore, it is necessary for them to maintain a trust store.
Before it was acquired, StartCom's free SSL certificate and cheap code signing certificate were very affordable.
I put forward this proposal only considering that users can normally access websites that use Let's Encrypt certificates without updating the system. Although they should update the system.
Contain valid OCSP, AIA and CRL URLs, and appropriate OIDs as defined by the CA/Browser Forum documents.
Let's Encrypt doesn't make CRL and realistically can't because it would be gigabyte range if we try.
unless they change policy, LE can't satisfy the requirement.
Unfortunately, I did not get a response.
I took a look at the Trusted Root listed in website, they don't seem to be asking for "all", but just one of them.
For example, the CA of www.bilibili.com is GlobalSign Root CA - R1, and its certificate only contains OCSP.
So ISRG Root X1 meets the requirements. As for X2, there seems to be no way.
--- UPDATE --- Authority Information Access: CA Issuers - URI:http://x2.i.lencr.org/
I am not sure, but it seems that X2 is also eligible? After all, this is also AIA.