On Tue, 30 May 2017, kc atgb wrote: > One problem I might have with letsencrypt is that it is not recognized > by all protocol clients. We have customers that are not always up to > date on their side (old OSes, softwares, hosts, ... ), and letsencrypt > is recent in the race, so not integrated on these devices.
Letsencrypt signs with a signing key which is signed by the DST Root CA which has been valid since 2000, and should be present on almost every device. [For reference, google.com is signed by a key which was generated in 2002...] So if it does have an issue with validity, it's an issue which many SSL certificates are going to share. -- Don Armstrong https://www.donarmstrong.com They say when you embark on a journey of revenge dig two graves. They underestimate me. -- a softer world #560 http://www.asofterworld.com/index.php?id=560