Recommended chain

sdeziel · September 24, 2021, 5:30pm

On Chain of Trust - Let's Encrypt, it is said:

Almost all server operators will choose to serve a chain including the intermediate certificate with Subject “R3” and Issuer “DST Root CA X3.”

As far as I understand, the now recommended version of "R3" to send is the one issued by "ISRG Root X1". If that is right, the above sentence needs to be updated.

Osiris · September 24, 2021, 5:47pm

Not taking minor changes around that specific piece of info into account, that sentence is 5 years old: it was part of the initial upload of the website back in 2016.

It should have been updated back in May this year already.

jvanasco · September 24, 2021, 5:49pm

I checked the github repo earlier, and there was no Issue or PR to update this page. Someone could/should if they have time. I am swamped on other projects today.

Osiris · September 24, 2021, 5:53pm

Done.

sdeziel · September 24, 2021, 6:04pm

Thank you both, here's the PR: The recommended version of "R3" is the one issued by "ISRG Root X1" (#1302) by simondeziel · Pull Request #1303 · letsencrypt/website · GitHub

Osiris · September 24, 2021, 7:43pm

Dang, it's already merged! Nice

system · October 24, 2021, 7:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
R3 still issuing certificates Issuance Policy	7	647	June 20, 2024
Issue certificate using the IdentTrust « old chain » Help	19	2462	June 17, 2021
When will Let's Encrypt switch to chain "Subscriber Certificate < – R3 < – ISRG Root X1 < – DST Root CA X3"? Help	6	768	March 25, 2021
Chain has the wrong root certificate (update: no it doesn't) Help	4	434	October 14, 2023
Recommendation on client-side trusted root CA certificates Help	3	1466	January 16, 2021

Recommended chain

Related topics