AIA CA Issuers links and the ISRG X1 cross-sign from DST X3

With the upcoming ISRG X1 cross-sign for Android compatibility, I'm wondering what chain the certificates referenced in the CA Issuers link in the Authority Information Access section will point to.

Currently leaf certificates have a link to, which is the R3 intermediate issued off of the DST Root CA X3 certificate that's expiring in September.

Given that the plan is for the default chain to change, will that link point to the R3 signed by ISRG Root X1 instead? And will the AIA CA Issuers link in the ISRG Root X1 certificate point to the DST Root CA X3 certificate?

Would this change happen concurrently with the switchover to the new default chain for issuance?


Welcome Back to the Let's Encrypt Community, Joe :slightly_smiling_face:


What say you?


We intend for the contents served by that AIA URL to always reflect the version of the issuer certificate provided by our default chain. As such:

Yes, and yes.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.