Resources
  • Release Notes and Announcements
    • Release Notes
    • Security Announcement
      • Protection against DDoS attacks targeting HTTP/2 protocol vulnerabilities
    • Announcements
      • Notice regarding the addition of TrustAsia free certificate issuance source
      • [Tencent Cloud EdgeOne] Impact of Root Certificate Changes from Let's Encrypt
      • [Tencent Cloud EdgeOne] NS Access Mode Upgrade Announcement
      • [Tencent Cloud EdgeOne] VAU Unit Change Notification
      • EdgeOne Console Upgrade Instructions
      • 【Tencent Cloud EdgeOne】Cloud API Change Notification
  • Agreements
    • Service Level Agreement
  • TEO Policy
    • Privacy Policy
    • Data Processing And Security Agreement
  • Contact Us
  • Glossary
  • FAQs
    • Reference for Abnormal Status Codes
    • Product Features FAQs
    • Domain Service FAQs
    • Site Acceleration FAQs
    • Data and Log FAQs
    • Security Protection-related Queries
    • Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes
Docs Overview/
Resources/
Release Notes and Announcements/
Announcements/
[Tencent Cloud EdgeOne] Impact of Root Certificate Changes from Let's Encrypt/

[Tencent Cloud EdgeOne] Impact of Root Certificate Changes from Let's Encrypt

The free certificates currently provided in the EdgeOne console are RSA certificates issued by Let's Encrypt. Starting from September 30, 2024, the cross-signed chain of the RSA certificates previously used by Let's Encrypt will expire, and its self-signed root certificate, ISRG Root X1, will become the only trusted root certificate for RSA certificates.

The changes to the root certificate will mainly affect systems that currently lack the chain of trust for ISRG Root X1, potentially leading to certificate-related alarms or HTTPS service unavailability. The following systems are compatible with the root certificate only in a specific version and later.
Windows >= XP SP3, Server 2008 (except systems with automatic root certificate updates disabled)
macOS >= 10.12.1 Sierra
iOS >= 10
Android >= 7.1.1
Firefox >= 50.0
Ubuntu >= 12.04 Precise Pangolin (package updates required)
Debian >= 8 / Jessie (package updates required)
RHEL >= 6.10, 7.4 (package updates required), 8+
Java >= 7u151, 8u141, 9+
NSS >= 3.26
Chrome >= 105 (OS certificate store used directly for earlier versions)
PlayStation >= PS4 v8.0.0

Regarding potential platform compatibility issues with the Let's Encrypt certificate, we strongly recommend you check the compatibility of the current access terminals with the certificate. If this change impacts your business, we suggest mitigating it through the following methods:
1. If you need to use a free certificate from another brand, you can apply for a free Tencent Cloud SSL certificate, and then deploy it to your current domain name by referring to Deploying/Updating SSL Certificate for a Domain Name.
2. To ensure your business remains stable and unaffected, we recommend you upgrade your current certificate to a paid Tencent Cloud SSL certificate. Then, refer to Deploying/Updating SSL Certificate for a Domain Name to complete the certificate replacement. Paid certificates are issued by more authoritative CAs that provide higher compatibility and have a validity period of 1 year. This can more effectively provide stable HTTPS service for your website.

We appreciate your support and trust in EdgeOne products. If you have any questions, please feel free to contact us.