Let’s Encrypt claims that although all newer versions of operating systems, browsers, and devices trust its certificates directly, many older versions still don’t instantly trust Let’s Encrypt CA, some of which will be upgraded to trust a new version of their certificate, but also There are many that will not be upgraded. It may take at least five years to wait for them to disappear altogether.
“While Let’s Encrypt is now directly trusted by almost all newer versions of operating systems, browsers, and devices, there are still many older versions in the world that do not directly trust Let’s Encrypt. Some of those older systems will eventually be updated to trust Let’s Encrypt directly. Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem. We expect this will take at least five more years, so we plan to use a cross signature until then.”
