Hello,
"If you run a typical website, you won’t notice a difference - the vast majority of your visitors will still accept your Let’s Encrypt certificate."
Based on my Analytics, I still have a good % of users on Android < 7.1 and iOS < 10.
Sure, "vast majority" of the users will be accepting the new certificates, but a good significant amount will be affected.
"To make sure the certificates we issue are trusted on older devices, we also have a “cross-signature” from an older root certificate: DST Root CA X3."
"DST Root CA X3 will expire on September 30, 2021."
I understand your position, and that this is the reason.
However (and I apologize for the ignorance), is there no workaround for this, such as cross-signing to some other older widely accepted root CA that is still active?
Are other certificates such as Comodo, Verisign, etc, being affected by the same problem?
Thank you!