Jump to content
Angus Robertson

Let's Encrypt old root expiry

Recommended Posts

The trusted root certificate currently used by Let's Encrypt, DST Root CA X3, expires in September 2021. 


Let's Encrypt issued it's own root certificate, ISRG Root X1, some time ago and it is now available in all major browsers.   ICS added it to our bundles three years ago in June 2017 with V8.49. 


From 8th July 2020, Let's Encrypt will start issuing new certificates signed by an intermediate using the new ISRG root certificate, and the chain will only successfully validate for ICS applications that have the new root.  If the internal ICS root bundle is used it must be a new release, but a newer external PEM bundle file can be distributed for use with older ICS applications so they can still access web sites with Let's Encrypt certificates. 


Because Let's Encrypt certificates expire in three months, they will all be using the new root by mid October 2020. 



  • Thanks 1

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now