Let's Encrypt Authority X3 has not been used in nearly four years.
The current issuing intermediates are named R3 and E1. As recently announced, we will soon begin issuing from four new intermediates named E5, E6, R10, and R11.
You can see details of all of these certificates on our hierarchy documentation page.
None of these certificates share the same Subject or Public Key as Let's Encrypt Authority X3.
And it is clear, thank you very much for the information, that is, this certificate can not be updated?
It was replaced.
If you can give some details on why you would want Let's Encrypt Authority X3 to be "updated", perhaps we can help you find a solution.
Ideally, mothing should rely on that specific certificate. It was an intermediate, and intermediates change frequently.
I see, thank you very much
Elaborating on this answer:
The main reason the X3 Intermediate has appeared on servers and code is improperly designed ACME clients and web servers.
Many developers erroneously hard-coded this intermediate certificate into their projects, not realizing that intermediate certificates are ephemeral and subject to change at any time.
Web Servers, Operating Systems, cryptography libraries, or miscellaneous projects should only have the Trusted Roots. (Ideally your projects/servers will not have this info, and instead rely on the OS or an actively maintained library.)
ACME clients should expect every certificate to be signed by an unknown intermediate, and download the intermediate certificate / chain from the payload identified in the ACME process.
Integrations should use the intermediate/chain associated with the certificate that was downloaded from the ACME server.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.