Let’s Encrypt recently generated new intermediate CA key pairs and certificates to enhance online security and speed. These new intermediates are replacing older ones that are reaching expiration dates. The new batch includes 2048-bit RSA and P-384 ECDSA intermediates. Rotating intermediates every three years improves security and prevents key pinning issues. Shorter lifetimes and randomized issuance shouldn’t impact general users, but may affect subscribers pinning old intermediates. The new ECDSA intermediates offer smaller certificate chains, increasing efficiency. Minor changes, such as updating hashing algorithms, have been made for improved security. Let’s Encrypt will continue to deploy new keys and maintain emergency backups.
https://letsencrypt.org/2024/03/19/new-intermediate-certificates.html