Angus Robertson 577 Posted June 12, 2020 The trusted root certificate currently used by Let's Encrypt, DST Root CA X3, expires in September 2021. Let's Encrypt issued it's own root certificate, ISRG Root X1, some time ago and it is now available in all major browsers. ICS added it to our bundles three years ago in June 2017 with V8.49. From 8th July 2020, Let's Encrypt will start issuing new certificates signed by an intermediate using the new ISRG root certificate, and the chain will only successfully validate for ICS applications that have the new root. If the internal ICS root bundle is used it must be a new release, but a newer external PEM bundle file can be distributed for use with older ICS applications so they can still access web sites with Let's Encrypt certificates. Because Let's Encrypt certificates expire in three months, they will all be using the new root by mid October 2020. Angus 1 Share this post Link to post