Production Chain Changes

Many of you have asked for a more simple way to understand the chain changes coming up. We hope this helps and can be a thread we update consistently when more information is available. Always scroll down for the latest posts/information! And note that "end-entity certificate" is another way to say "leaf certificate" or "subscriber certificate".

For certificates with RSA keys

Through May 3, 2021

  • Default chain: End-entity certificate ← R3 ← DST Root CA X3

  • Alternate chain: End-entity certificate ← R3 ← ISRG Root X1

Starting May 4, 2021

  • Default chain: End-entity certificate ← R3 ← ISRG Root X1 ← DST Root CA X3

  • Alternate chain: End-entity certificate ← R3 ← ISRG Root X1

  • This is a shorter chain, available to people through the API who do not need the Android compatibility of the longer chain. You can choose this chain with many ACME clients; please see your chosen ACME client documentation for more information.

See for more details on this change:

After September 29, 2021

Our default chain and alternate chain will not change, but DST Root CA X3 will expire. Android devices as far back as 2.3.6 will continue to work. Non-Android devices that aren't getting system updates will show certificate errors. On some platforms, using Firefox will be a workaround, since Firefox gets updates even on many out-of-date OSes.

We will periodically issue new intermediates to replace E1, E2, R3, and R4. These intermediates will be signed by ISRG Root X1 or ISRG Root X2, as appropriate to their key type.

September 2024

Our extended cross-sign from (expired) DST Root CA X3 will expire. Android devices older than 7.1.1 will show certificate errors.

For certificates with ECDSA keys

Right now, we issue all end-entity certificates, whether RSA or ECDSA, from our RSA intermediates R3 and R4. And we offer the same chains as described above in the RSA section.

Eventually, we intend to sign ECDSA end-entity certificates with our ECDSA intermediates E1 and E2 instead. This will not be useful to most people until our ECDSA Root X2 is accepted by most root programs, so we are using an allow-list to let early adopters try it out while we wait for inclusion.

  • You can be an early adopter by requesting allow-listing for your ACME account via this form. If you do this, all ECDSA end-entity certificates you request will come with this chain:

    • Default chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1

    • Alternate chain: none

  • For the latest information about our ECDSA intermediates, please follow this forum thread.

  • After ISRG Root X2 is accepted by most root programs, we will post to API Announcements with a timeline to start issuing all ECDSA end-entity certificates from our ECDSA intermediate.

Future changes for ECDSA

There are two future changes planned for ECDSA, but we haven't selected dates for them yet:

  • After ISRG Root X2 is accepted by most root programs: All ECDSA end-entity certificates will be issued from an ECDSA intermediate (like E1 and E2).

    • Default chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1
    • Alternate chain: End-entity certificate ← E1 ← ISRG Root X2
  • After ISRG Root X2 is available on most devices: Switch to a shorter default chain.

    • Default chain: End-entity certificate ← E1 ← ISRG Root X2
    • Alternate chain: End-entity certificate ← E1 ← ISRG Root X2 ← ISRG Root X1

That is today! This change is live in Production. The details are still available at the linked API Announcements thread.


Hello again! Since the DST Root CA X3 expires on Sep 30 14:01:15 2021 GMT, here’s an update that may be helpful to you!

We have a page on our website that talks specifically about this expiration.

If you are using OpenSSL 1.0.2, there are several workarounds available.

If you are using very old versions of Firefox (prior to version 50, in November 2016) that no longer can receive updates of their root store, please upgrade to a newer version of Firefox.

Windows users may have some unique issues - please check out this write-up from @webprofusion.

Two weeks ago we spoke with Boulder developer Aaron Gable about this expiration in detail - check out the video here.

Here’s where you can find more information about the Let’s Encrypt Certificate Hierarchy.

We have extended Android device compatibility for Let’s Encrypt certificates through use of a cross-sign.

Andrew Ayer did a great write-up of fixing the breakage from the AddTrust External CA Root expiration in May 2020.

For all changes with our API, we post in the API Announcements category in our community forum. Sign in and hit the bell for notifications to be sent to your email!

We (and our community) are here for you! If you have any questions about this change, search on our community forum or post on the thread we have to help you with this very topic.

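The chain layouts listed in the first post, and the OpenSSL 1.0.2 and Android notes in this update, can be reasoned about with a small path-building model. The script below is an added example written for this thread, not Let's Encrypt or Boulder code. It reduces each certificate to (subject, issuer, notAfter), assumes all signatures are valid, and models two verifier behaviours: "trusted first" (stop at a trust-store certificate as soon as one matches the issuer, and backtrack on failure) and "served first" (extend the path with the server-supplied certificates before looking in the store, without retrying on an expiry error), plus an old-Android mode that does not check the expiry of its own trust anchors. The only real date in it is the DST Root CA X3 expiry from this post; the cross-sign expiry is a constructed date inside the "September 2024" window, and the other expiries, the leaf name and the trust-store contents are constructed placeholders.

```python
"""Simplified X.509 path-building model for the Let's Encrypt chain changes.

Added illustration, not Let's Encrypt code. Certificates are reduced to
(subject, issuer, notAfter); signatures are assumed valid. All dates except
the DST Root CA X3 expiry are constructed placeholders.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime


def utc(*ymdhms):
    return datetime(*ymdhms, tzinfo=timezone.utc)


FAR_FUTURE = utc(2030, 1, 1)  # constructed stand-in for expiries the posts do not give

LEAF = Cert("end-entity (example.test)", "R3", FAR_FUTURE)      # constructed leaf
R3 = Cert("R3", "ISRG Root X1", FAR_FUTURE)
ISRG_X1_SELF = Cert("ISRG Root X1", "ISRG Root X1", FAR_FUTURE)
# Cross-signed ISRG Root X1: the post only says "September 2024"; exact day is constructed.
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root CA X3", utc(2024, 9, 30))
DST_X3 = Cert("DST Root CA X3", "DST Root CA X3", utc(2021, 9, 30, 14, 1, 15))  # from the post

# What a server sends (the root itself is normally not sent).
DEFAULT_CHAIN = [LEAF, R3, ISRG_X1_CROSS]   # default chain since May 4, 2021
ALTERNATE_CHAIN = [LEAF, R3]                # short chain: needs ISRG Root X1 in the store

MODERN_STORE = {c.subject: c for c in (ISRG_X1_SELF, DST_X3)}   # constructed store
OLD_ANDROID_STORE = {DST_X3.subject: DST_X3}                      # no ISRG Root X1 before 7.1.1


def verify(served, trust_store, now, trusted_first=True, enforce_anchor_expiry=True):
    """Return (ok, subjects on the path that was tried).

    trusted_first=True : if the next issuer is in the trust store, end the path
                         there; backtrack to other candidates on failure.
    trusted_first=False: extend the path with served certificates first and
                         accept whatever anchor that leads to, with no retry on
                         an expiry error (the pattern that broke OpenSSL 1.0.2).
    enforce_anchor_expiry=False models older Android, which does not check the
    expiry of certificates in its own trust store.
    """
    def extend(cert, path):
        path = path + [cert.subject]
        if cert.not_after < now:               # served certificates are always checked
            return False, path
        anchor = trust_store.get(cert.issuer)
        served_issuers = [c for c in served if c.subject == cert.issuer and c is not cert]
        anchors = [anchor] if anchor else []
        candidates = anchors + served_issuers if trusted_first else served_issuers + anchors
        for cand in candidates:
            if cand is anchor:
                expired = enforce_anchor_expiry and anchor.not_after < now
                result = (not expired, path + [anchor.subject])
            else:
                result = extend(cand, path)
            if result[0] or not trusted_first:  # served-first mode: first path only
                return result
        return False, path

    return extend(served[0], [])


def scenarios():
    """Outcomes for the situations described in the thread, keyed by description."""
    after_dst = utc(2021, 10, 1)     # day after DST Root CA X3 expired
    after_cross = utc(2024, 10, 1)   # after the constructed cross-sign expiry
    return {
        "modern client, default chain, after DST expiry":
            verify(DEFAULT_CHAIN, MODERN_STORE, after_dst)[0],
        "served-first client, default chain, after DST expiry":
            verify(DEFAULT_CHAIN, MODERN_STORE, after_dst, trusted_first=False)[0],
        "served-first client, alternate chain, after DST expiry":
            verify(ALTERNATE_CHAIN, MODERN_STORE, after_dst, trusted_first=False)[0],
        "old Android, default chain, after DST expiry":
            verify(DEFAULT_CHAIN, OLD_ANDROID_STORE, after_dst, enforce_anchor_expiry=False)[0],
        "old Android, default chain, after cross-sign expiry":
            verify(DEFAULT_CHAIN, OLD_ANDROID_STORE, after_cross, enforce_anchor_expiry=False)[0],
        "old Android, alternate chain, after DST expiry":
            verify(ALTERNATE_CHAIN, OLD_ANDROID_STORE, after_dst, enforce_anchor_expiry=False)[0],
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'OK  ' if ok else 'FAIL'}  {name}")
```

Running it shows the three outcomes the thread describes: the default chain keeps working on modern clients and on old Android after the DST Root CA X3 expiry, a served-first verifier fails on the default chain until it is given the alternate chain (or otherwise stops walking to the expired root), and old Android loses the site once the cross-sign expires or when the server switches to the alternate chain.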