Extend cross-signed by IdenTrust’s DST Root CA X3

binhnt · May 6, 2024, 8:13am

Hello everyone,

To ensure I understand correctly about the Extend cross-signed certificate by IdenTrust’s DST Root CA X3 (2024-6-6 and 2024-9-30), I hope someone can confirm the following a question for me.
Currently, I have domain e.g: A.com obtaining a long-chain certificate from DST Root CA X3 using "certbot certonly --preferred-chain "DST Root CA X3"" to extend the validity period for older Android devices.
Therefore, if I execute this command again before June 6th (e.g June 2th) , what will happen to my domain after June 6th? Will my certificate obtained before June 6th remain valid, and will older devices continue to use it until it expires (in 2-3 months)?

Thank all.

Osiris · May 6, 2024, 8:37am

Nothing until that certificate expires.

Yes.

webprofusion · May 6, 2024, 9:31am

Renewals after that date will use the ISRG Root X1 chain, because the "DST Root CA X3" chain won't be presented any more. Older devices that do not trust ISRG Root X1 will then have problems communicating with your service.

binhnt · May 7, 2024, 1:47am

Thank you, I really understand

binhnt · May 7, 2024, 1:49am

Yes, we are still planning to make changes in time, thank you for your response

system · June 6, 2024, 1:49am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IdenTrust DST Root CA X3 expiry Help	18	5235	November 6, 2021
What happens in 2021 when the IdenTrust root certificate expires? Issuance Tech	4	3306	August 22, 2018
Extend cross-signed by IdenTrust’s DST Root CA X3 signed certs Help	14	653	May 18, 2024
Feedback wanted: DST Root CA X3 expiration all-subscriber email Issuance Tech	14	3011	May 6, 2021
Older Android devices Issuance Policy	21	7568	June 12, 2021

Extend cross-signed by IdenTrust’s DST Root CA X3

Related topics