@mattjones86 that does not seem expected - Let's Encrypt have been issuing certificates from their R3 intermediate since December 2021 (https://community.letsencrypt.org/t/beginning-issuance-from-r3/139018) and have been supplying two intermediates (a Let's Encrypt R3 to ISRG Root X1 and a Let's Encrypt R3 to DST Root CA X3) in the default chain since 4th May 2021 (https://community.letsencrypt.org/t/production-chain-changes/150739). Given that certificates issued by Let's Encrypt have a maximum validity period of 90 days, all certificates that are still valid after the 4th of August would have been issued in this manner.
The only thing I could think of that would explain the behaviour mentioned is if your ACME client was failing to update the certificate chain/bundle (or your server was configured to serve an old/stale bundle). Most browsers (including Chrome) will also automatically fetch issuer intermediate certificates if they're not supplied by the server.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1944481

Title:
  Distrust "DST Root CA X3"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1944481/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
