Last week this got a personal computer of mine that's using a fairly old operating system. Basically 1/2 of the Internet stopped working 😱, including my Opalstack sites that have
Long story short, I figured out a way to manually install and trust the
ISRG Root X1 Root Certificate that Let's Encrypt now uses in place of the now-expired
IdentTrust DST Root CA X3.
I assume this root certificate switch is (at least partially) what you meant by this reply.
The thing is, my OS
https sites are going to continue to be broken for anyone that hasn't installed & trusted the "ISRG Root X1" cert.
I was wondering if there is anything that can be done, server-side, to mitigate this, which still respecting the new LE root certificate.
I did some research and found the following:
I don't know enough to know whether this applies to OS, and even if it does, if it's possible for you to implement. This seems to be for servers and not clients. But maybe I've misread it.
What do you think @sean?