aboutsummaryrefslogtreecommitdiffstats
path: root/certs/E1.pem
AgeCommit message (Expand)AuthorFilesLines
2024-06-21certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem Gravatar Christian Hesse1-124/+0
2023-10-26global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)•••old chain: R3 / ISRG Root X1 new chain: E1 / ISRG Root X2 No user interaction or migration is required for existing installations as we install 'E1' and 'ISRG Root X2' for some time already. Gravatar Christian Hesse1-119/+0
2020-12-30certs: add plain text info about certificates•••Also order certificates, so we have: * intermediate * root * alternative root, if any Let's add 'ISRG Root X1' for 'E1' as there will be a valid cross-signed chain 'E1' -> 'ISRG Root X2' -> 'ISRG Root X1'. Gravatar Christian Hesse1-0/+212
2020-12-17certs: add new Let's Encrypt certificates•••https://letsencrypt.org/certificates/ Gravatar Christian Hesse1-0/+31