Post Syndicated from original https://lwn.net/Articles/838811/rss

Let’s Encrypt has announced that, as of today, the TLS certificates issued
by the Let’s Encrypt certificate authority are using a new intermediate
certificate. “While LE will start using their new _roots_ next year, the change today
is using a _variant_ of their “R3” certificate which is cross-signed
from IdenTrust, rather than chaining back to their “ISRG Root X1”.

This will affect you if you’re using DANE, TLSA records in DNS, signed
by DNSSEC, to advertise properties of the certificate chain which remote
systems should expect to see.”