Now all the main lists of root certificates trust Let's Encrypt
The news that ISRG Root X1, Let's Encrypt CA 's root certificate , has become a little imperceptible has become directly trusted by Microsoft products. Now direct trust exists on the part of all major trust root certificate lists, including Microsoft, Google, Apple, Mozilla, Oracle and Blackberry.
I think this should be glad. Although, let's face it, outwardly it was not noticeable in any way (we could both go over https to sites “covered” with LE certificates, so we can enter), and, moreover, the benefits of the event will be when “Will arrive” and updated lists of trust root certificates will be used, the event is an important milestone on the way of recognizing this CA - and another counter-argument against purchasing certificates from CAs engaged in issuing DV-certificates for money.
Until now, the credibility of Let's Encrypt certificates was provided through an intermediate certificate, cross-signed with both the root certificate of Let's Encrypt and the root certificate of the IdenTrust organization, thanks to which the certificates of Let's Encrypt were accepted because of the credibility of IdenTrust, including in software and systems that did not have information about the Let's Encrypt root certificate.
Users of the service of Let's Encrypt service do not require any additional actions. It is recommended, however, to ensure that the ACME client (the software agent responsible for obtaining renewals of LE certificates used in systems, such as Certbot or acme.sh ), is regularly updated.
According to the information of the service, today, the Let's Encrypt non-profit certification center (in turn, managed by ISRG, a public organization Internet Security Research Group), provides certificates to more than 115 million websites.
I think this should be glad. Although, let's face it, outwardly it was not noticeable in any way (we could both go over https to sites “covered” with LE certificates, so we can enter), and, moreover, the benefits of the event will be when “Will arrive” and updated lists of trust root certificates will be used, the event is an important milestone on the way of recognizing this CA - and another counter-argument against purchasing certificates from CAs engaged in issuing DV-certificates for money.
Until now, the credibility of Let's Encrypt certificates was provided through an intermediate certificate, cross-signed with both the root certificate of Let's Encrypt and the root certificate of the IdenTrust organization, thanks to which the certificates of Let's Encrypt were accepted because of the credibility of IdenTrust, including in software and systems that did not have information about the Let's Encrypt root certificate.
Users of the service of Let's Encrypt service do not require any additional actions. It is recommended, however, to ensure that the ACME client (the software agent responsible for obtaining renewals of LE certificates used in systems, such as Certbot or acme.sh ), is regularly updated.
According to the information of the service, today, the Let's Encrypt non-profit certification center (in turn, managed by ISRG, a public organization Internet Security Research Group), provides certificates to more than 115 million websites.