Last updated: | See all Documentation
The determining factor for whether a platform can validate Let’s Encrypt certificates is whether that platform trusts ISRG’s “ISRG Root X1” or “ISRG Root X2” certificates. Both of these roots have been included in platform trust stores for several years now (ISRG Root X1 since late 2016, ISRG Root X2 since mid 2022), but it can take much longer for platform updates to be widely installed. Today, trust in ISRG Root X1 is nearly ubiquitous, while trust in ISRG Root X2 is still propagating.
If your certificate validates on some of the “Known Compatible” platforms but not others, the problem may be a web server misconfiguration. If you’re having an issue with modern platforms, the most common cause is failure to provide the correct certificate chain. Test your site with SSL Labs' Server Test. If that doesn’t identify the problem, ask for help in our Community Forums.
If your platform is not listed here, we appreciate pull requests that include documentation of when each root was added to that platform’s trust store.
Platforms that trust ISRG Root X1
- Windows >= XP SP3, Server 2008 (unless Automatic Root Certificate Updates have been disabled)
- macOS >= 10.12.1 Sierra
- iOS >= 10
- Android >= 7.1.1
- Firefox >= 50.0
- Ubuntu >= 12.04 Precise Pangolin (with updates applied)
- Debian >= 8 / Jessie (with updates applied)
- Java >= 7u151, 8u141, 9+
- NSS >= 3.26
- Chrome >= 105 (earlier versions use the operating system trust store)
- PlayStation >= PS4 v8.0.0
Platforms that trust ISRG Root X2
- Windows >= XP SP3, Server 2008 (unless Automatic Root Certificate Updates have been disabled)
- macOS >= 13
- iOS >= 16
- Android >= 14
- Firefox >= 97
- Ubuntu >= 18.04 Bionic Beaver (with updates applied)
- Debian >= 11 / Bullseye (with updates applied)
- Java >= 21.0.2
- NSS >= 3.74
- Chrome >= 105 (earlier versions use the operating system trust store)
In addition, all platforms which trust ISRG Root X1 also trust the cross-signed version of ISRG Root X2.