On 17/04/2024 04:48, Brian Inglis via Cygwin-apps wrote:
Hi folks,
Is this FYI, or are you suggesting there is some specific action we need
to take?
https://letsencrypt.org/2023/07/10/cross-sign-expiration
Shortening the Let's Encrypt Chain of Trust
"On Thursday, Feb 8th, 2024, we stopped providing the cross-sign by
default in requests made to our /acme/certificate API endpoint.
On Thursday, June 6th, 2024, we will stop providing the longer
cross-signed chain entirely.
On Monday, September 30th, 2024, the cross-signed certificate will expire."
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
New Intermediate Certificates
"Let’s Encrypt generated 10 new Intermediate CA Key Pairs, and issued 15
new Intermediate CA Certificates containing the new public keys."
https://letsencrypt.org/2024/04/12/changes-to-issuance-chains
Deploying Let's Encrypt's New Issuance Chains
"On Thursday, June 6th, 2024, we will be switching issuance to use our
new intermediate certificates. Simultaneously, we are removing the DST
Root CA X3 cross-sign from our API, aligning with our strategy to
shorten the Let’s Encrypt chain of trust. We will begin issuing ECDSA
end-entity certificates from a default chain that just contains a single
ECDSA intermediate, removing a second intermediate and the option to
issue an ECDSA end-entity certificate from an RSA intermediate."
