Let’s encrypt’s certificate is based of the “DST Root CA X3” root certificate. But there exist two different versions of this certificate!?
The version of the certificate in Windows cert. store (7 & 10) has the serial no:
The version in e.g. Chrome cert. store, and the one’s your Let’s-Encrypt-signed certificates are based on, have the serial no:
Those two have the same name and “Valid to” date.
I would expect these would be the same…what’s the explanation of this?
I assume this mean applications checking for the trusted CA root certificate in the Windows cert. store (in contrast to the browser cert. store) will not see the Let’s Encrypt cert as trusted
E.g. MS Office applications.