On Thu, Oct 13, 2022 at 3:13 PM Kevin Kofler via devel
<devel(a)lists.fedoraproject.org> wrote:
Neal Gompa wrote:
> I'm not going to get into this too much, but suffice to say, it's not
> universally accessible as a CA.
I would very much be interested in those details though.
As I recall, the current LE root certificate is not (and in some
cases may not be able to be) installed in all clients. When
the cross signing cert (from a well known/trusted CA)
expired a year ago a number of clients suddenly found
themselves getting errors. It is easy to say "install new
root certs", but that is not actually easy to do in all cases.