On Tue, 21 Sep 2021 08:48:35 +1200, Peter Reutemann quoted:
'On 30th September 2021, the root certificate that
Let's Encrypt are
currently using, the IdentTrust DST Root CA X3 certificate, will
Checking the cert on my geek-central.gen.nz VPS, it was issued by a CA
named “Internet Security Research Group” with a “Common Name” of “ISRG
Root X1”. The CA cert validity goes from “Not Before Fri, 04 Sep 2020
00:00:00 GMT” to “Not After Mon, 15 Sep 2025 16:00:00 GMT”.
Within Firefox itself, the installed CA cert for that same organization
has a validity up to 4th June 2035.
Ah, I see why the discrepancy: my server’s cert actually includes two
levels of CA: the topmost one matches what’s in Firefox, while the
other one (“R3”) is the next level down.