Many of you have asked for a more simple way to understand the chain changes coming up. We hope this helps and can be a thread we update consistently when more information is available. Always scroll down for the latest posts/information! And note that "end-entity certificate" is another way to say "leaf certificate” or “subscriber certificate”.
For certificates with RSA keys
Through May 3, 2021
-
Default chain: End-entity certificate ← R3 ← DST Root CA X3
-
Alternate chain: End-entity certificate ← R3 ← ISRG Root X1
Starting May 4, 2021
-
Default chain: End-entity certificate ← R3 ← ISRG Root X1 ← DST Root CA X3
- This chain will remain compatible with many Android devices, thanks to the cross-sign! https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
-
Alternate chain: End-entity certificate ← R3 ← ISRG Root X1
- This is a shorter chain, available to people through the API who do not need the Android compatibility of the longer chain. You can choose this chain with many ACME clients, please see your chosen ACME client documentation for more information.
See for more details on this change:
After September 29, 2021
Our default chain and alternate chain will not change, but DST Root CA X3 will expire. Android devices as far back as 2.3.6 will continue to work. Non-Android devices that aren't getting system updates will show certificate errors. On some platforms, using Firefox will be a workaround, since Firefox gets updates even on many out-of-date OSes.
We will periodically issue new intermediates to replace E1, E2, R3, and R4. These intermediates will be signed by ISRG Root X1 or ISRG Root X2, as appropriate to their key type.
September 2024
Our extended cross-sign from (expired) DST Root CA X3 will expire. Android devices older than 7.1.1 will show certificate errors.
For certificates with ECDSA keys
Right now, we issue all end-entity certificates, whether RSA or ECDSA, from our RSA intermediates R3 and R4. And we offer the same chains as described above in the RSA section.
Eventually, we intend to sign ECDSA end-entity certificates with our ECDSA intermediates E1 and E2 instead. This will not be useful to most people until our ECDSA Root X2 is accepted by most root programs, so we are using an allow-list to let early adopters try it out while we wait for inclusion.
-
You can be an early adopter by requesting allow-listing for your ACME account via this form. If you do this, all ECDSA end-entity certificates you request will come with this chain:
-
Default chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1
-
Alternate chain: none
-
-
For the latest information about our ECDSA intermediates, please follow this forum thread.
-
After ISRG Root X2 is accepted by most root programs, we will post to API Announcements with a timeline to start issuing all ECDSA end-entity certificates from our ECDSA intermediate.
Future changes for ECDSA
There are two future changes planned for ECDSA, but we haven't selected dates for them yet:
-
After ISRG Root X2 is accepted by most root programs: All ECDSA end-entity certificates will be issued from an ECDSA intermediate (like E1 and E2).
- Default chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1
- Alternate chain: End-entity certificate ← E1 ← ISRG Root X2
-
After ISRG Root X2 is available on most devices: Switch to a shorter default chain.
- Default chain: End-entity certificate ← E1 ← ISRG Root X2
- Alternate chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1