Let’s Encrypt root certificates now trusted by major root programmes

Hits: 11

The Let’s Encrypt project, which is trying to make the web more secure, has announced that its root certificate is now recognised and trusted by all major root programmes, including those run by Microsoft, Google, Apple, Mozilla, Oracle, and BlackBerry.

Most browsers and operating systems trusted Let’s Encrypt because of a cross-signature from another authority called IdenTrust which was already trusted. Today’s news means newer software should recognise Let’s Encrypt certificates directly.

While most newer operating systems and browsers now support Let’s Encrypt out of the box without cross-signatures, older browsers and operating systems do not. In order to accommodate for this, Let’s Encrypt will continue to use a cross signature. According to the project, this period of waiting for older devices to fall out of the web ecosystem could take at least five years or more.

Let’s Encrypt says that those using its software do not need to do anything to accommodate for the latest piece of news, but the project does state that you should keep up best practises, such as keeping your AMCE client (such as Certbot) up-to-date.

In its announcement, the project clarified that it currently provides certificates for more than 115 million websites, after recently passing the 100 million secured sites milestone.