Let's Encrypt

Chains of Trust

View in Greek

Se på Dansk

Auf Deutsch ansehen

Ver en español

Katso suomeksi

Voir en Français

לעבור לעברית

Megtekintés magyar nyelven

Lihat dalam Bahasa Indonesia

日本語で表示する

한국어로 보기

Просмотреть на русском

Pročitaj na Srpskom

Visa på svenska

Переглянути українською

使用简体中文阅读本网页。

使用正體中文閲讀本網頁。

Last updated:

This page describes all of the current and relevant historical Certification Authorities operated by Let’s Encrypt. Note that a CA is most correctly thought of as a key and a name: any given CA may be represented by multiple certificates which all contain the same Subject and Public Key Information. In such cases, we have provided the details of all certificates which represent the CA.

ISRG Certificate Hierarchy Diagram, as of June 2024

Root CAs

Our root key material is kept safely offline. We issue end-entity certificates to subscribers from the intermediates described in the next section. All root certificate Subjects have a Country field of C = US.

Note that Root CAs don’t have expiration dates in quite the same way that other certificates do. Although their self-signed certificates do contain a notAfter date, Root Programs and Trust Stores may decide to trust a Root CA beyond that date, or terminate trust in it before that date. As such, the end-of-validity dates given below are approximate, based on current Root Program policies.

For additional information on the compatibility of our root certificates with various devices and trust stores, see Certificate Compatibility.

Subordinate (Intermediate) CAs

We currently maintain four intermediates in active rotation. Subscriber certificates containing an ECDSA public key will be issued from one of the ECDSA intermediates; similarly, Subscriber certificates containing an RSA public key will be issued from one of the RSA intermediates.

All intermediate certificate Subjects have a Country field of C = US.

Click below for details on additional intermediates which are not part of the active issuance hierarchy:

Backup

These intermediate CAs have currently-valid certificates, but are not being issued from. We may begin issuing Subscriber certificates from them at any time, without warning.

  • Let’s Encrypt E7
    • Subject: O = Let's Encrypt, CN = E7
    • Key type: ECDSA P-384
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X2): der, pem, txt
    • Certificate details (cross-signed by ISRG Root X1): der, pem, txt
  • Let’s Encrypt E8
    • Subject: O = Let's Encrypt, CN = E8
    • Key type: ECDSA P-384
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X2): der, pem, txt
    • Certificate details (cross-signed by ISRG Root X1): der, pem, txt
  • Let’s Encrypt E9
    • Subject: O = Let's Encrypt, CN = E9
    • Key type: ECDSA P-384
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X2): der, pem, txt
    • Certificate details (cross-signed by ISRG Root X1): der, pem, txt
  • Let’s Encrypt R12
    • Subject: O = Let's Encrypt, CN = R12
    • Key type: RSA 2048
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): der, pem, txt
  • Let’s Encrypt R13
    • Subject: O = Let's Encrypt, CN = R13
    • Key type: RSA 2048
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): der, pem, txt
  • Let’s Encrypt R14
    • Subject: O = Let's Encrypt, CN = R14
    • Key type: RSA 2048
    • Validity: until 2027-03-12
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): der, pem, txt
Retired

These intermediate CAs are no longer being used to issue Subscriber certificates. Those which still have valid certificates may be producing OCSP responses and/or CRLs.

  • Let’s Encrypt E1
    • Subject: O = Let's Encrypt, CN = E1
    • Key type: ECDSA P-384
    • Validity: until 2025-09-15
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X2): crt.sh, der, pem, txt
  • Let’s Encrypt E2
    • Subject: O = Let's Encrypt, CN = E2
    • Key type: ECDSA P-384
    • Validity: until 2025-09-15
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X2): crt.sh, der, pem, txt
  • Let’s Encrypt R3
    • Subject: O = Let's Encrypt, CN = R3
    • Key type: RSA 2048
    • Validity: until 2025-09-15
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
  • Let’s Encrypt R4
    • Subject: O = Let's Encrypt, CN = R4
    • Key type: RSA 2048
    • Validity: until 2025-09-15
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
  • Let’s Encrypt Authority X1
    • Subject: O = Let's Encrypt, CN = Let's Encrypt Authority X1
    • Key type: RSA 2048
    • Validity: expired 2020-06-04
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
  • Let’s Encrypt Authority X2
    • Subject: O = Let's Encrypt, CN = Let's Encrypt Authority X2
    • Key type: RSA 2048
    • Validity: expired 2020-06-04
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
  • Let’s Encrypt Authority X3
    • Subject: O = Let's Encrypt, CN = Let's Encrypt Authority X3
    • Key type: RSA 2048
    • Validity: expired 2021-10-06
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
  • Let’s Encrypt Authority X4
    • Subject: O = Let's Encrypt, CN = Let's Encrypt Authority X4
    • Key type: RSA 2048
    • Validity: expired 2021-10-06
    • CA details: crt.sh, issued certs
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (cross-signed by IdenTrust): crt.sh, der, pem, txt
Delegated OCSP Responder

This keypair was previously used to sign OCSP responses regarding the status of Let’s Encrypt’s intermediates on behalf of Let’s Encrypt’s root, so that the root could remain safely offline. We no longer issue OCSP responses for our intermediates; we instead periodically issue CRLs from our root to convey the revocation status of our intermediates.

  • ISRG Root OCSP X1
    • Subject: O = Internet Security Research Group, CN = ISRG Root OCSP X1
    • Key type: RSA 2048
    • Validity: until 2025-06-10
    • Certificate details (signed by ISRG Root X1): crt.sh, der, pem, txt
    • Certificate details (signed by ISRG Root X1): crt.sh (expired)

Chains

When an ACME client downloads a newly-issued certificate from Let’s Encrypt’s ACME API, that certificate comes as part of a “chain” that also includes one or more intermediates. Usually this chain consists of just the end-entity certificate and one intermediate, but it could contain additional intermediates. The idea is that, by presenting this whole chain of certificates to a website visitor’s browser, the browser will be able to validate the signatures all the way up to a root that browser trusts without having to download any additional intermediates.

Sometimes there’s more than one valid chain for a given certificate: for example, if an intermediate has been cross-signed, then either one of those two certificates could be the second entry, “chaining up to” either of two different roots. In this case, different website operators may want to select different chains depending on the properties that they care about the most.

Subscriber certificates with RSA public keys are issued from our RSA intermediates, which are issued only from our RSA root ISRG Root X1 (i.e. they are not cross-signed). Therefore, all RSA subscriber certificates have only a single chain available:

RSA Subcriber Cert ← RSA Intermediate (R10 or R11) ← ISRG Root X1

Subscriber certificates with ECDSA public keys are issued from our ECDSA intermediates, which are issued both (i.e. are cross-signed) from our RSA root ISRG Root X1 and our ECDSA root ISRG Root X2. Therefore we offer two chains for these certificates:

ECDSA Subcriber Cert ← ECDSA Intermediate (E5 or E6) ← ISRG Root X1

ECDSA Subcriber Cert ← ECDSA Intermediate (E5 or E6) ← ISRG Root X2

The first chain, up to ISRG Root X1, provides the greatest compatibility because that root certificate is included in the most trust stores. The second chain, up to ISRG Root X2, consumes fewer bytes of network bandwidth in each TLS handshake. We provide the first chain by default, to ensure the widest compatibility. Subscribers who wish to prioritize size over compatibility can reference their ACME client’s documentation for instructions on how to request the alternate chain (for example, certbot’s --preferred-chain flag).