How we ensure Cloudflare customers aren't affected by Let's Encrypt's certificate chain change

Let's Encrypt, a certificate authority used by Cloudflare, will be relying on its own root CA, ISRG Root X1, instead of two distinct chains after September 30, 2024. This change will impact legacy devices and systems that rely exclusively on the cross-signed chain and lack the ISRG X1 root in their trust store. Cloudflare is committed to ensuring compatibility with older devices affected by this change without requiring any manual modifications from its customers. The company has built a robust TLS certificate pipeline, which ensures high availability, adherence to best security practices, and support for all clients, both legacy and modern.