[AnssiH]

Interesting that the referenced Let's Encrypt post from 2018 (https://letsencrypt.org/2018/08/06/trusted-by-all-major-root...) said

"Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem. We expect this will take at least five more years, so we plan to use a cross signature until then."

So half a year ago they expected to continue cross-signing for 5+ years. What changed?

[Ajedi32]

For what it's worth, you'll still be able to use the old roots for another two and a half years (until September 29, 2021), which is not quite five years from the date of that old post, but also way longer than half a year.

[AnssiH]

I wonder what Google will do with their Cloud Platform Google-managed SSL certificates that have used Let's Encrypt so far...

But I guess in the worst case I can just buy traditional certificates for a couple of years.

[blattimwind]

You can literally exchange the certificates manually in the chain delivered by your webserver using a text editor.

[AnssiH]

There are no configuration options of any kind in Google App Engine with managed SSL security enabled (since the point is to let Google manage it), which I'd rather keep enabled if feasible to avoid having to worry about renewals etc.