Recommended chain

sdeziel · September 24, 2021, 5:30pm

On Chain of Trust - Let's Encrypt, it is said:

Almost all server operators will choose to serve a chain including the intermediate certificate with Subject “R3” and Issuer “DST Root CA X3.”

As far as I understand, the now recommended version of "R3" to send is the one issued by "ISRG Root X1". If that is right, the above sentence needs to be updated.

Osiris · September 24, 2021, 5:47pm

Not taking minor changes around that specific piece of info into account, that sentence is 5 years old: it was part of the initial upload of the website back in 2016.

It should have been updated back in May this year already.

jvanasco · September 24, 2021, 5:49pm

I checked the github repo earlier, and there was no Issue or PR to update this page. Someone could/should if they have time. I am swamped on other projects today.

Osiris · September 24, 2021, 5:53pm

Done.

sdeziel · September 24, 2021, 6:04pm

Thank you both, here's the PR: The recommended version of "R3" is the one issued by "ISRG Root X1" (#1302) by simondeziel · Pull Request #1303 · letsencrypt/website · GitHub

Osiris · September 24, 2021, 7:43pm

Dang, it's already merged! Nice

Topic		Replies	Views
ISRG vs DST Root on R3 Issuance Tech	13	2516	March 7, 2021
DST vs ISRG Chain as default? Issuance Tech	8	1854	May 24, 2021
Transition from X3 to R3 Intermediate Issuance Tech	4	4746	November 2, 2020
Is the preferred-chain 'DST X3 Chain' option live? Help	5	2150	January 20, 2021
Issuance on R3 vs. X3: is this configurable? Issuance Tech	27	8960	December 24, 2020

Recommended chain

Related topics