
Directory Contents

PEM certificates for Letsencrypt ISRG X1 and X2 root, R3
intermediate and expired DST X3 root.  In order to verify
certificates issued by the old R3 chain through DST X3 the R3
certificate must become a trust anchor.	 This was done
automatically with the installation of the
ca-certificates-letsencrypt package.

Additionally it might be useful in some situations to block
the DST X3 certificate and / or install the ISRG X1 (already
included in the default cert bundle) and X2 certificates.
This is not done during package installation; manual
installation of the certs in the appropriate directories and
then running update-ca-trust would be necessary.

