I am trying to understand ISRG Root X1 and intermediate/root chains.
I have read transitioning-to-isrg-root (2019/04/15) article indicating a delay in transitioning to ISRG Root X1 (ISRG-X1):
Due to concerns about insufficient ISRG root propagation on Android devices we have decided to move the date on which we will start serving a chain to our own root from July 8, 2019, to July 8, 2020.
So, I can understand that the full certificate chain (ISRG-X1 -> LEA-X3, etc) is not yet recognised by some user-agents, okay. I check this page https://valid-isrgrootx1.letsencrypt.org/ and see my user-agent / browser (Chrome) recognises the certificate as Let’s Encrypt Authority X3 (LEA-X3); and not ISRG-X1. Which tracks the article announcement, however I am still trying to understand:
- Does this mean that a renewed LEA-X3 SSL certificate will be recognised as issued by ISRG-X1 due on and after July 8, 2020?
Why? - Because an API I plan to depend on requires a CA from a list, one of those listed is ISRG-X1; so I can delay my charity project release to co-inside with the delay (~20 days) or try to find an alternative.
- Sub-question: how might I obtain an SSL certificate issued by ISRG-X1?