tencent cloud

Feedback

[Tencent Cloud EdgeOne] Impact of Root Certificate Changes from Let's Encrypt

Last updated: 2024-10-16 15:06:30
The free certificates currently provided in the EdgeOne console are RSA certificates issued by Let's Encrypt. Starting from September 30, 2024, the cross-signed chain of the RSA certificates previously used by Let's Encrypt will expire, and its self-signed root certificate, ISRG Root X1, will become the only trusted root certificate for RSA certificates.

The changes to the root certificate will mainly affect systems that currently lack the chain of trust for ISRG Root X1, potentially leading to certificate-related alarms or HTTPS service unavailability. The following systems are compatible with the root certificate only in a specific version and later.
Windows >= XP SP3, Server 2008 (except systems with automatic root certificate updates disabled)
macOS >= 10.12.1 Sierra
iOS >= 10
Android >= 7.1.1
Firefox >= 50.0
Ubuntu >= 12.04 Precise Pangolin (package updates required)
Debian >= 8 / Jessie (package updates required)
RHEL >= 6.10, 7.4 (package updates required), 8+
Java >= 7u151, 8u141, 9+
NSS >= 3.26
Chrome >= 105 (OS certificate store used directly for earlier versions)
PlayStation >= PS4 v8.0.0

Regarding potential platform compatibility issues with the Let's Encrypt certificate, we strongly recommend you check the compatibility of the current access terminals with the certificate. If this change impacts your business, we suggest mitigating it through the following methods:
1. If you need to use a free certificate from another brand, you can apply for a free Tencent Cloud SSL certificate, and then deploy it to your current domain name by referring to Deploying/Updating SSL Certificate for a Domain Name.
2. To ensure your business remains stable and unaffected, we recommend you upgrade your current certificate to a paid Tencent Cloud SSL certificate. Then, refer to Deploying/Updating SSL Certificate for a Domain Name to complete the certificate replacement. Paid certificates are issued by more authoritative CAs that provide higher compatibility and have a validity period of 1 year. This can more effectively provide stable HTTPS service for your website.

We appreciate your support and trust in EdgeOne products. If you have any questions, please feel free to contact us.


Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support