Many people have decided to deploy Let’s Encrypt on their production sites. I still find this a very bad idea unless it is done very (really, very) carefully.
Let’s Encrypt brings you freedom, but it also limits you to certificates signed using SHA-256 with RSA. Support for SHA-2 has improved over the last few years. Most browsers, platforms, mail clients and mobile devices already support SHA-2. However, some older operating systems, such as Windows XP pre-SP3, do not support SHA-2. Many organizations will be able to convert to SHA-2 without running into user experience issues, and many may want to encourage users running older, less secure systems to upgrade. In this tutorial, we are going to deal with this incompatibility in a simple but still nasty way.