Should we move certificate transition page to different CA?

Not cross-sign, but just a leaf cert for
if we left it as is user who will need this be able to see page will just see certificate error. I think we should host some transition page. While chrome's own root store will make certificate download error-free, it's just 2 mouths left, so I don't expect chromium will move to own root store in time.

1 Like

I'm not sure what transistion you are looking to be conveyed on that page, can you please elaborate?

We have a blog post about our upcoming root transistion:

And corresponding information in the API announcements:

If this is a transistion to new intermediates, we have this blog post

with more information about the certificates here:
1 Like

But as those page use LE cert, thoses who visit after root change will just see cert error

1 Like

Sounds like a classic catch-22.

You would know why you're seeing an error on this page now if you had read this page before the error was shown.

Put another way:
You need to read the unreadable page to know why it's unreadable.


Which browsers do you believe won't be able to reach the page? ISRG Root X1 is in all the major browsers. It's not in Windows 10 20H1, from what I can tell, but that's very different from suggesting everyone visiting the site will receive a certificate error when it goes live.

1 Like

Any android before 7.1.1

1 Like

The problem exists if there will be a significant quantity of people who will be affected. I don't think the disenfranchised will be too concerned about the general experience. :slightly_smiling_face:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.