In Progress [CPANEL-33077] Letsencrypt transition to ISRG’s Root (Important!!!!!)

ciao70

Well-Known Member
Nov 3, 2006
91
16
158
Hi,


In reference to this notice


How will it be managed by cpanel?

Will you continue to use DST Root X3 or will you automatically switch to ISRG Root X1?

If so, what can be done to continue using the current intermediate certificate (DST Root X3) until 30 September 2021?

This is important because devices with an Android version earlier than 7.1 will not recognize the new certificate ISRG Root X1

Thanks
 

andrew.n

Well-Known Member
Jun 9, 2020
399
97
28
EU
cPanel Access Level
Root Administrator
Probably they will come up something similar as they did with Sectigo recently:

 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,255
313
Houston
Someone recently opened an inquiry in response to this thread - CPANEL-33077 - It doesn't have a developer response yet but I'll continue checking it and let you know as soon as there's an update.
 
  • Like
Reactions: ciao70

ciao70

Well-Known Member
Nov 3, 2006
91
16
158
Someone recently opened an inquiry in response to this thread - CPANEL-33077 - It doesn't have a developer response yet but I'll continue checking it and let you know as soon as there's an update.

Hello,

is there any news?

Thanks
 

ciao70

Well-Known Member
Nov 3, 2006
91
16
158
Hello,

We’re delaying this transition one more time, to January 11, 2021. As we got closer to the switchover date, we realized we need to do more outreach to our subscribers first, to make sure no one is taken by surprise. To everyone who has already gotten ready for the switch, thank you!

We will still be making a smaller change to our issuing intermediate this fall. We’ll switch to using our just-issued R3 intermediate. However, that intermediate will be cross-signed by IdenTrust (just like our “Let’s Encrypt Authority X3” intermediate is), so compatibility with your site visitors will not change. Your ACME client should automatically download and configure the correct certificate chain with the next issuance after we make the change.

https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-jan-11-2021/125516/3

https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html

https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
 
  • Like
Reactions: cPanelLauren

ciao70

Well-Known Member
Nov 3, 2006
91
16
158
 
  • Like
Reactions: cPRex

ciao70

Well-Known Member
Nov 3, 2006
91
16
158






Chain of Trust - Let's Encrypt - Free SSL/TLS Certificates

Last updated: Dec 8, 2020
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,280
303
213
cPanel Access Level
Root Administrator
Can you let me know what update you were looking for? Since this has been delayed by Let's Encrypt until January 2021 we haven't taken any action on our end just yet. We have done some testing with this and so far it doesn't appear to cause any problem, except for older Android clients as mentioned here:


At this point, there really shouldn't be any issues with this switch as it should just happen without users knowing.
 

ciao70

Well-Known Member
Nov 3, 2006
91
16
158
Hello,




For example, Plesk has given the possibility with a modification to be able to continue using the old DST Root certificate until 30/09/2021


The extension now supports a new chain of trust based on ISRG Root. Before January 11, 2021, the old IdenTrust root remains the default one, while the new ISRG Root is an alternative one. After January 11, 2021, the extension will issue SSL/TLS certificates based on the new ISRG Root, while the old IdenTrust root will become an alternative one.


To have the extension issue SSL/TLS certificates based on the alternative root (which is ISRG Root before January 11, 2021, and IdenTrust after this date), add the following lines to panel.ini:


[ext-letsencrypt]
use-alternate-root = true



Thanks
 

ciao70

Well-Known Member
Nov 3, 2006
91
16
158