Soon, new versions of Chrome will also have their own root store. Firefox is the exception: it has its own root store. Debian >= jessie / 8 (with updates applied)īrowsers (Chrome, Safari, Edge, Opera) generally trust the same root certificates as the operating system they are running on.Ubuntu >= xenial / 16.04 (with updates applied).Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign).iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1.Windows >= XP SP3 ( assuming Automatic Root Certificate Update isn’t manually disabled).If that doesn’t identify the problem, ask for help in our Community Forums. Test your site with SSL Labs' Server Test. If you’re having an issue with modern platforms, the most common cause is failure to provide the correct certificate chain. If your certificate validates on some of the “Known Compatible” platforms but not others, the problem may be a web server misconfiguration.
From October 2021 onwards, only those platforms that trust ISRG Root X1 will validate Let’s Encrypt certificates ( with the exception of Android). Prior to September 2021, some platforms could validate our certificates even though they don’t include ISRG Root X1, because they trusted IdenTrust’s “DST Root CA X3” certificate. The main determining factor for whether a platform can validate Let’s Encrypt certificates is whether that platform trusts ISRG’s “ISRG Root X1” certificate.
