by rsweeney21 2050 days ago
I don't understand the motivation for making this change now. Why not keep the universally accepted root certificate as the default chain? Why does Let's Encrypt need to switch to their own root certificate now, and cause thousands of websites to break on older devices?

I don't even control the certificate provisioning process. We use Heroku and Webflow. This is frustrating.

3 comments

Their cross cert expires in 10 months. Switching in January gives most people time to notice the problem while there's an easy temporary fix (switch to the soon-to-be-expiring cross cert while you evaluate the root compatibility of commercial CAs across the devices you support).

I imagine the cross cert cost a bunch of money, and they may not have the money to do that again.

Did you miss the part where the "universally accepted" root certificate is going to be universally rejected in 10 months?
"the DST Root X3 root certificate that we relied on to get us off the ground is going to expire - on September 1, 2021."