On Tue, 21 Sep 2021 08:48:35 +1200, Peter Reutemann quoted:
'On 30th September 2021, the root certificate that Let's Encrypt are currently using, the IdentTrust DST Root CA X3 certificate, will expire.'
Checking the cert on my geek-central.gen.nz VPS, it was issued by a CA named “Internet Security Research Group” with a “Common Name” of “ISRG Root X1”. The CA cert validity goes from “Not Before Fri, 04 Sep 2020 00:00:00 GMT” to “Not After Mon, 15 Sep 2025 16:00:00 GMT”. Within Firefox itself, the installed CA cert for that same organization has a validity up to 4th June 2035. Ah, I see why the discrepancy: my server’s cert actually includes two levels of CA: the topmost one matches what’s in Firefox, while the other one (“R3”) is the next level down.