I think what we need (whether on the forum or in the docs or something) is the clear timeline of when what is changing. With ECDSA issuance, DST Root's expiration, and alternate chains, it's gotten a little hard to follow. Something like the following (hoping I got it right):
Through May 3
For RSA and almost all EDCSA leaf certificates:
- Default chain:
Leaf ← R3 ← DST Root CA X3 - Alternate chain:
Leaf ← R3 ← ISRG Root X1
For ECDSA leaf certificates from accounts participating in the limited-availability testing:
- Default chain:
Leaf ← E1 ← ISRG Root X2 ← ISRG Root X1 - No alternate chain is available.
Starting May 4
See for more details on this change:
For RSA and almost all EDCSA leaf certificates:
- Default chain:
Leaf ← R3 ← ISRG Root X1 ← DST Root CA X3 - Alternate chain:
Leaf ← R3 ← ISRG Root X1
For ECDSA leaf certificates from accounts participating in the limited-availability testing:
- Default chain:
Leaf ← E1 ← ISRG Root X2 ← ISRG Root X1 - No alternate chain is available.
At some future point not yet decided:
This change is currently only in staging. No release date for production is yet available.
For information on testing this change in staging:
For RSA leaf certificates:
- Default chain:
Leaf ← R3 ← ISRG Root X1 ← DST Root CA X3 - Alternate chain:
Leaf ← R3 ← ISRG Root X1
For all ECDSA leaf certificates
- Default chain:
Leaf ← E1 ← ISRG Root X2 ← ISRG Root X1 - No alternate chain is available.