One of them is tied to a root CA and works on all devices. The other is not, and...

pfg · on Aug 5, 2016

Certificates issued by Let's Encrypt are cross-signed by IdenTrust and are trusted by all major browsers[1]. This is just about their own root certificate. Being cross-signed by an existing, trusted CA is a common practice for new CAs, as it would take years for the CA to become usable in practice otherwise.

[1]: https://community.letsencrypt.org/t/which-browsers-and-opera...

icebraining · on Aug 5, 2016

LE is tied to a root CA (IdenTrust's). The support is almost universal, with only obsolete OSs not trusting them: https://community.letsencrypt.org/t/which-browsers-and-opera...

DisposableMike · on Aug 5, 2016

Despite a fairly large number of users on XP still (2.5% of total users on some sites I manage), I'll give you that it works on non-obsolete OS browsers. However, those are not the only pieces in the world of security.

Java, for example, only started support as recently as 3 weeks ago (2016-07-19)

pfg · on Aug 5, 2016

XP is supported. There was an issue due to some schannel bug in XP choking on the issuer certificate, but that was fixed earlier this year.

true_religion · on Aug 5, 2016

Lot's of people care about and make their money off users with "obsolete OS's and browsers".

icebraining · on Aug 5, 2016

And they're just as likely to have problems with any other CA.

darklajid · on Aug 5, 2016

Including HN / ycombinator?