How to opt into short chain?

Does that happen suddenly though? I feel like obsolescence in this regard is usually a gradual thing.

Just to clarify, there is the order URL, but then there is the certificate URL, which in my experience will always exist as long as the cert is not expired. My own ACME clients save the cert URL for re-downloading if needed (not the order URL).

When it comes to new technology adoption, this sort of obsolescence affects sectors/markets/demographics/whatever in completely different ways.

The overall numbers will show a gradual decline, but you'll see certain populations barely change for long periods of time.

For most websites, stopping support of an older browser/certificate/etc. will not have a tangible effect, because only 1-3% of users might be affected and can be written off - it's that gradual effect you're talking about. For others, the same decision at the same time might be a business liability as 10-30% of users could be affected; if you're doing e-commerce or monetized publishing, you can't write that off.

The adoption (or "legacy support") rates can often be tied to a property's demographics and geolocations, among other factors, so the dropoffs are not a surprise - but an unplanned changed root/chain can be.

3 Likes

That is how Let's Encrypt / Boulder works, yes, but it is not guaranteed by the spec.

6 Likes

And even if the spec did "guarantee" it, a CA (or your own network) might have some catastrophic downtime at just the moment you wished you were using a different chain.

Obviously not that likely a case, but something some users might want to consider.

4 Likes
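Added example, not part of the thread and not any poster's or Let's Encrypt's code: since re-downloading from the certificate URL later is not guaranteed, a client can archive the default chain and every alternate chain at issuance time, then pick the short one from local storage when needed. RFC 8555 section 7.4.2 lets the server advertise alternates as `Link` headers with `rel="alternate"` on the certificate response; the `ca.example` host, the function names and the placeholder PEM bodies below are constructed for illustration.

```python
import re
from urllib.parse import urljoin

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

def alternate_chain_urls(cert_url, link_headers):
    """Absolute URLs of every Link header value carrying rel="alternate"."""
    urls = []
    for header in link_headers:
        # One header line may hold several comma-separated <target>;params values.
        for target, params in re.findall(r"<([^>]*)>([^,<]*)", header):
            rel = re.search(r';\s*rel\s*=\s*"?([^";]+)"?', params, re.I)
            if rel and "alternate" in rel.group(1).lower().split():
                urls.append(urljoin(cert_url, target))  # targets may be relative
    return urls

def chain_length(pem_text):
    """Number of certificates (leaf included) in a PEM chain."""
    return pem_text.count(PEM_BEGIN)

def shortest_chain(chains):
    """Given {url: pem_text}, return the URL whose chain has the fewest certificates."""
    return min(chains, key=lambda url: chain_length(chains[url]))

# Constructed sample data: hypothetical CA host, placeholder PEM bodies.
CERT_URL = "https://ca.example/acme/cert/abc123"
LINK_HEADERS = [
    '<https://ca.example/acme/directory>;rel="index"',
    '</acme/cert/abc123/1>; rel="alternate"',
]

def _pem(n):
    block = PEM_BEGIN + "\n(constructed placeholder)\n-----END CERTIFICATE-----\n"
    return block * n

# What the local archive would hold after downloading each URL at issuance.
STORED = {
    CERT_URL: _pem(3),
    "https://ca.example/acme/cert/abc123/1": _pem(2),
}

if __name__ == "__main__":
    to_archive = [CERT_URL] + alternate_chain_urls(CERT_URL, LINK_HEADERS)
    print("download and store at issuance:", to_archive)
    print("shortest stored chain:", shortest_chain(STORED))
```

Counting PEM blocks only measures chain length; a real client would also check each stored chain's issuer names before serving it.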
