Almost 3 years have been passed since SSL was installed on miniBB primary domain, and since then, there were no issues for it (and also its issuer, Sectigo Ltd. — no remarks at all), but... this year, I've decided to try out Let's Encrypt.

The most impressive thing Let's Encrypt achieved in 2020, was the Android device compatibility extending. This made the Certificate-compatibility list much wider.

Actually, nowadays it covers most, if not all of the browsers and devices/OS miniBB could support, too. Even on iPad 3 (iOS 9.3.6) it still could run, if the Certificate is trusted (and then remembered) manually.

Who knows if much older devices should be even supported? Let's try and see — and Let's Encrypt.

R3 is not included nor listed in iOS 9 Trust Store, that's why ISRG is not sure of it in their official list. But it is surely amongst the "Always Ask" certificates as you mention, that ones "untrusted but not blocked". When one of these certificates is used, you'll be prompted to choose whether or not to trust it. That's the cite from Apple official.

Sad to say, Apple just releases and earns, but is abnormally weak in support their own inventions and you will never ever see them as lets encrypt supporters.

I can say lets encrypt has seen some great changes and the fact you no longer need to spend a lot of money for SSL and then manually adding the encryption unless its a business related site. Something similar to business verification is the only time i won't use Lets Encrypt.

On the adoption side of things apple and microsoft both have an bad track record of not adopting things they create and promote that being said i still use android the last apple device i have is a mac book air for small apple related programming that requires apple to test without a large product testing using bots.

I did notice a few odd changes at the linux level mainly Lets Encrypt trying to push snap installations more even on their website when you look things up being a person who likes to use Debian and i find most packages like snap, flatpak and appimage to be cumbersome from a security standpoint on the server side of things.

I'm using Ubuntu and I didn't notice such things you describe. The automated process of Let's Encrypt just adds/generates necessary files, and with the help of quick commands it's possible to remove certain domains from updating. Quite an easy thing to maintain. Perhaps it all could happen at the optional level, not sure.

You're right it's the SSL mostly for traffic protection and not serious verification, but that's basically all I personally need. IMHO protecting absolutely everything with SSL is a bad trand. So many useful websites couldn't be opened because of it on the "outdated" devices, which still are supposed to work good. If there's an informational website with no sensful personal information involved and/or without login, it doesn't need SSL at all — it would be better opened everywhere and everytime rather than taking care of the online dictatorship rules imposed by tech giants.