Intermediate certificate warning in some online SSL checkers
Let’s Encrypt made changes to their root certificate in September 2021 when their DST Root CA X3 cross-sign expired. In order to retain the option for older Android devices to be able to visit sites that use Let’s Encrypt certificates, they got a special cross-sign which is valid for three more years beyond the expiration of the DST Root CA X3.
When an SSL certificate is issued by Let’s Encrypt for an end user, this new cross-sign is included in the chain of certificates along with the current Let’s Encrypt root certificate labeled ISRG Root X1, allowing the widest possible compatibility.
Certain online SSL checkers might report issues with the intermediate certificate (CA bundle) if they detect the new cross-sign of Let’s Encrypt within the chain of certificates. However such warnings should not be a cause for concern, because they do not represent an actual issue with the Let’s Encrypt SSL certificate installed for your website on our servers.