Certificate Compatibility

Last updated: December 5, 2016 | See all Documentation

Let’s Encrypt aims to be compatible with as much software as possible without compromising security. The main determining factor for whether a platform can validate Let’s Encrypt certificates is whether that platform includes IdenTrust’s DST Root X3 certificate in its trust store. A secondary factor is whether the platform supports modern SHA-2 certificates, since all Let’s Encrypt certificates use SHA-2.

If your certificate validates on some of the “Known Compatible” platforms but not others, the problem may be a web server misconfiguration. If you’re having an issue with modern platforms, the most common cause is failure to provide the correct certificate chain. If you’re having an issue with older platforms like Windows XP, the most common causes are failure to configure a ciphersuite or TLS version that is supported on the platform or that the platform lacks support for Server Name Indication (SNI). Test your site with SSL Labs’ Server Test. If that doesn’t identify the problem, ask for help in our Community Forums.

You may want to visit this particular community forum discussion for more information about compatibility.

Known Compatible

Known Incompatible