We have just published a blog post detailing our plans to handle the expiration of our ISRG Root X1 cross-sign from IdenTrust’s DST Root CA X3.
The summary is:
- On 2024-02-08, we will stop providing the long chain by default, but clients can still be configured to request it.
- On 2024-06-06, we will stop providing the long chain at all.
- On 2024-09-30, the cross-sign will expire, and any websites still serving it in their TLS handshakes may run into difficulties.
No action on your part is needed. You have the option of doing some manual configuration of your ACME client to gain six extra months of compatibility for older Android devices visiting your sites. If you have any questions, please direct them to this thread.