Support "alternate" certificate links for different Root CA
shibayan opened this issue · comments
Tatsuro Shibamura commented
Let's Encrypt will switch to ISRG Root CA starting September 29, 2020.
However, due to the lack of support on some Android devices, the current IdenTrust Root CA is also provided with an alternate HTTP header.
Ref
Eugene Bekker commented
Additional refs:
- https://community.letsencrypt.org/t/workflow-for-using-alternate-link-relation/129321
- According to https://tools.ietf.org/html/rfc8555#section-7.4.2 the server MAY provide one or more additional certificate download URLs, each pointing to an alternative certificate chain starting with the same end-entity certificate.