Serving a chain to the ISRG Root on the Let's Encrypt website


Starting shortly, the Let’s Encrypt website will serve a certificate trust chain that utilizes our own ISRG Root X1 rather than IdenTrust’s DST Root X3.

Visitors to the Let’s Encrypt website currently trust our website’s Let’s Encrypt certificate via IdenTrust rather than our own root. This is because the Let’s Encrypt website is currently serving a certificate trust chain which utilizes our cross-signature from IdenTrust. This is how the vast majority of websites using certificates from Let’s Encrypt are configured because the IdenTrust root has always had more widespread compatibility than our own root.

We have made quite a bit of progress expanding the compatibility of our own root. Our root is now included by all major root programs. It will take more work and time before our root is trusted as widely as some other roots, but we’re ready to start using our own root on our own website and we’d love to hear about any problems people have as a result. Please let us know by posting on our community forum here.


This is great news!
Hopefully (down the road) an ECC root cert will be used too.