For anyone running their own CMS instance that uses LetsEncrypt certificates for HTTPS connections, just a heads up that from 8th July 2020September 29th 2020 11th January 2021, they plan to swap over to using their X1 root certificate by default.
What that means is that all devices connecting to your CMS will need to trust the new X1 root for connections to be able to be made. See their announcement here:
Windows 7 and Windows 10 with updates support the X1 root automatically. Android 7.1.1 and later typically support X1 root. Linux, webOS and Tizen all seem to support it.
If you’re running devices older than those, then you may need to take some action before 11th January 2021.
In theory it’s possible to continue using LetsEncrypt certificates cross-signed with the old chain until September 2021, however certbot, the tool which you likely use to obtain certificates, doesn’t have support for that yet.
There’s an issue open with certbot for that here:
Assuming that feature is implemented, you’ll want to ensure that your certbot is updated and that you enable the option to serve the legacy certificate chain.
That buys you time to either add the X1 root in to the trusted certificates on your devices, or to replace those with newer devices.
Instructions for adding the X1 root to Android devices can be found here: