Certificate Compatibility

Se på Dansk

Auf Deutsch ansehen

Ver en español

Katso suomeksi

Voir en Français

לעבור לעברית

Megtekintés magyar nyelven

Visualizza in italiano


한국어로 보기

Ver em Português (do brasil)

Просмотреть на русском

Visa på svenska

Переглянути українською



Last updated: | See all Documentation

The main determining factor for whether a platform can validate Let’s Encrypt certificates is whether that platform trusts ISRG’s “ISRG Root X1” certificate. Prior to September 2021, some platforms could validate our certificates even though they don’t include ISRG Root X1, because they trusted IdenTrust’s “DST Root CA X3” certificate. From October 2021 onwards, only those platforms that trust ISRG Root X1 will validate Let’s Encrypt certificates (with the exception of Android).

If your certificate validates on some of the “Known Compatible” platforms but not others, the problem may be a web server misconfiguration. If you’re having an issue with modern platforms, the most common cause is failure to provide the correct certificate chain. Test your site with SSL Labs' Server Test. If that doesn’t identify the problem, ask for help in our Community Forums.

Platforms that trust ISRG Root X1

Browsers (Chrome, Safari, Edge, Opera) generally trust the same root certificates as the operating system they are running on. Firefox is the exception: it has its own root store. Soon, new versions of Chrome will also have their own root store.

Platforms that trust DST Root CA X3 but not ISRG Root X1

These platforms would have worked up to September 2021 but will no longer validate Let’s Encrypt certificates.

Known Incompatible

ISRG Root X2 (new ECDSA root) - coming soon

We have submitted ISRG Root X2 to the Microsoft, Apple, Google, Mozilla, and Oracle root programs for inclusion.

ISRG Root X2 is already widely trusted via a cross-sign from our ISRG Root X1. Additionally, several root programs have already added ISRG Root X2 as a trust anchor.

For more information about inclusion status, check out our community forum post.

While we wait for ISRG Root X2 to become widely trusted, it’s possible to opt-in to use ISRG Root X2 for your ECDSA certificates. For more information, see our community forum post.