A client manufactures Android devices and they also have a lot that are older than Android 8.
So I was closely following the LE blog posts about the changes, now today the topic came back during a meeting and I was double checking to make sure what the impact would be for us.
I was reading this blog post: Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt
But this part was confusing me:
What happens when the new cross-sign expires? This new cross-sign will expire in early 2024. Prior to that, perhaps as early as June 2021, we will be making a similar change to what we intended to make this January. When we make that change, subscribers will have the option to continue using DST Root CA X3 by configuring their ACME client to specifically request it.
"subscribers will have the option to continue using DST Root CA X3 by configuring their ACME client to specifically request it" but from my understanding this shouldn't be the case and it will use DST Root CA X3 by default or not?
We just want to make sure because the impact might be very big very us if this is not the case.
So I think my main question is will certbot by default continue issuing certs that use DST Root CA X3?
And for how long? In the blog post it is mentioned until early 2024.