Shortening the Let’s Encrypt chain of trust

Let’s Encrypt has announced a transition plan that will affect the compatibility of their certificates with Android devices. Previously, Let’s Encrypt had cross-signed their certificates with IdenTrust’s DST Root CA X3 to ensure widespread trust. However, as their own ISRG Root X1 became trusted on its own, they needed to make changes. Now, Let’s Encrypt will be dropping the cross-sign and relying solely on ISRG Root X1. This will increase trust on Android devices, especially with the upcoming release of Android version 14. It will also reduce certificate bytes sent in a TLS handshake and lower operating costs for Let’s Encrypt. The transition will occur in stages, with the cross-signed certificate expiring on September 30th, 2024. Overall, Let’s Encrypt is focused on improving privacy and security while ensuring a smooth transition for their users.

To top