Complex indeed.
> The idea as I understand it is that browsers should
> see the ISRG Root X1 certificate, realize that it itself is already
> trusted by the OS or browser, and not even look at the next expired
> DST Root CA X3 certificate in the chain.
>
This doesn't work sometimes on some
The complexity of the problem…
> Begin forwarded message:
>
> From: raf
> Subject: Re: Let's Encrypt DST Root CA X3 Expiration
> Date: 2 October 2021 at 23:32:45 GMT-3
> To: macports-us...@lists.macports.org
>
> On Sat, Oct 02, 2021 at 04:14:05AM -0500, Ryan Schmidt
> wrote:
>
>>