Introduction

Just a reminder on how it is all works. Below is the chain if Trust for Lets Encrypt. You can see the current status on https://letsencrypt.org/certificates/

Example

Looking at my own certificate for www.bibble.co.nz you can see my certificate, the R3 certificate (Intermediate) and the ISRG Root X1 certificate (Root certificate). You can see which platforms and browsers trust the ISRG Root X1 certificate at https://letsencrypt.org/docs/certificate-compatibility/ which lists some of the platforms which are not supported too. Obviously this is only for lets encrypt. You will need to look for at you own Root certificate for other implementations.

Alternatives to Lets Encrypt

• Buypass (www.buypass.com)
• Zero SSL (zerossl.com)
• AWS Certificate Manager
• OpenSSL
• DigiCert Enterprise PKI Manager
• GeoTrust SSL
• IONOS 1&1 Domains & SSL
• DigiCert CertCentral
• AppViewX CERT+
• SSL.com

Some Definitions

• Root Certificate. A root certificate is a digital certificate that belongs to the issuing Certificate Authority. It comes pre-downloaded in most browsers and is stored in what is called a “trust store.” The root certificates are closely guarded by CAs.

• Intermediate Certificate. Intermediate certificates branch off root certificates like branches of trees. They act as middle-men between the protected root certificates and the server certificates issued out to the public. There will always be at least one intermediate certificate in a chain, but there can be more than one.

• Server Certificate. The server certificate is the one issued to the specific domain the user is needing coverage for.