We’ve been working on fixing Windows XP support for Let’s Encrypt certificates. We’ve got new intermediates issued from IdenTrust that we’ll be testing out today and rolling out if everything is good. We’re also rolling out a new untrusted fake root and fake intermediate on the staging server.
The new trusted intermediates will be called “Let’s Encrypt Authority X3” and “Let’s Encrypt Authority X4,” and will be in the CT logs and on our web site. The new untrusted certificates will be “Fake LE Root X1” (the fake root) and “Fake LE Intermediate X1” (the fake intermediate). If you see a certificate on a live website that chains to either of these, it was issued against the staging server and should be reissued against production if you want it to be trusted.
If you’re happy with your end-entity certificates, you don’t need to do anything. The next time you renew them, the new certificates will be trusted by Windows XP. If you want support for Windows XP, wait for an update on this thread announcing that the new intermediates are installed, then renew your certificates.
It’s worth noting that “Let’s Encrypt Authority X3” and “Let’s Encrypt Authority X4” will have the same public keys as “Let’s Encrypt Authority X1” and “Let’s Encrypt Authority X2,” respectively. We issued the new certificates using our existing keys so that we would not have to delay Windows XP support until our next key ceremony (currently unscheduled).
Browsers and other TLS clients build and validate certificate chains based on both the issuer name and the issuer public key: a candidate issuer is first matched by comparing its Subject to the end-entity certificate’s Issuer field, and only then is the signature checked against that certificate’s public key. Because X3 carries X1’s key but not X1’s name, a certificate issued by X3 that is served with the X1 intermediate will fail to validate even though the signature itself would verify. So when you renew your certificates, it’s important to serve them with the correct certificate chain. If you’re using the official client you should be fine. Similarly, if your client correctly uses the Link: rel="up";title="issuer" header received on issuance, you won’t have any issues. The only place you might expect to have issues is if you hardcoded the certificate chain somewhere. If that’s the case, you should update your code to use the issuer certificate provided at issuance time.
Similarly, OCSP responses for certificates issued by Let’s Encrypt Authority X3 will be signed by Let’s Encrypt Authority X3. For end-entity certificates already issued by Let’s Encrypt Authority X1, the OCSP responses will continue to be signed by Let’s Encrypt Authority X1 until the end-entity certificate expires. If you do manual validation of OCSP responses, make sure that you are validating against the actual issuer certificate of the end-entity certificate (the one whose Subject matches the end-entity certificate’s Issuer), not against a hardcoded issuer certificate.