As announced here: (Staging Hierarchy Changes)
the staging root was updated yesterday to new roots. We use the staging roots for testing in our dev environments as described on the staging environment page, putting those roots in our trust store.
The docs for the staging env (Staging Environment - Let's Encrypt - Free SSL/TLS Certificates) still have links to the old staging root. Where can the new root be found and could someone please update the page to have the correct root?
Thanks!
It's the same issue as New issuer for letsencrypt staging, something must have gone wrong during the maintenance. Our testing environments are busted as well.
This documentation page was an oversight during the improvements and changes to the Staging hierarchy. We will be working to get it fully updated today.
In the meantime, the Staging roots are available in similar naming scheme to the production Issuer URI.
Staging X1 http://stg-x1.i.lencr.org
Staging DST http://stg-dst3.i.lencr.org
You can fetch these endpoints to get the DER encoded certificates.
@jillian The Staging X1 certificate you linked is the one signed by the (expired) Staging DST. Do you have the link for the self-signed Staging X1 certificate, as show in the diagram on this page? Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt - Free SSL/TLS Certificates
We are working to update the chains served by the staging front ends and update the website to have all the certs so you can manually configure any chain you’d like. Thanks for your patience while we make these changes.
I updated the API Announcement Thread for the Staging Hierarchy Changes
The front ends should also be serving an updated default chain that make more sense.
Thank you for making the updates! We've updated our root and our env is working again.
Do I need to update my certbot if I want X2 certs?
X2 certs (i.e. certs issued from our ECDSA intermediate E1) are not yet available, and the changes to staging which will make them available there have not yet happened either. That'll be a separate change.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.