Let’s Encrypt announced it’s root certificate ISRG Root X1 is now directly trusted by Microsoft and all other major root certificate programs including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.
Starting from the first issuance the Let’s Encrypt intermediate certificates, Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2 was cross-signed with IdenTrust root and trusted by all the major browsers.
Browsers and operating systems not supported by default to Let’s Encrypt certificates, so it was cross-signed by IdenTrust and the IdenTrust certificate trusted by the Browsers and operating systems directly.
Starting July 2018 Let’s Encrypt certificate directly trusted by almost all newer versions of operating systems, browsers, and devices.
“Some of those older systems will eventually be updated to trust Let’s Encrypt directly. Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem.”
Let’s Encrypt says it would take at least five more years to cycle out the Web ecosystem, so they planned to continue the cross signature until then.
Let’s Encrypt Active Intermediate’s
Let’s Encrypt Authority X3 (IdenTrust cross-signed)
Let’s Encrypt Authority X3 (Signed by ISRG Root X1)
Let’s Encrypt Authority X4 (IdenTrust cross-signed)
Let’s Encrypt Authority X4 (Signed by ISRG Root X1)
Site owner’s of Let’s Encrypt not required to make any changes and the site’s continue to work normally.