Let's Encrypt certificate switch to cause problems in 2021

The Let's Encrypt logo on a gold and blue background

Let’s Encrypt has announced that a root certificate its service uses, that was provided by IdenTrust, is set to expire on September 1, 2021. Let’s Encrypt is ready for the expiration with its own root certificate called ISRG Root X1 and it’s supported on many devices, but there is a problem.

Unfortunately, due to Android’s dire update situation, millions of devices running Android versions below 7.1.1 will not be able to connect to websites using Let’s Encrypt certificates. Not only will this affect websites you navigate to in your web browser but apps that connect to a website to pull data won’t be able to connect either.

To help mitigate the problem, Let’s Encrypt is going to make it possible to serve an alternate certificate chain that leads to the old root certificate to boost compatibility. This will be a temporary solution for site admins who, in the longer term, will be able to display a banner asking older Android users to switch to Firefox Mobile (which updates certificates independent of Android), stop supporting older Android versions, drop back to HTTP for older devices, or switch to a Certificate Authority (CA) that’s installed on older devices.

Let’s Encrypt recommends that those on older Android devices should install Firefox Mobile. As mentioned earlier, Firefox comes with its own list of trusted root certificates; this will allow sites to continue working after the old root certificate expires next year.

Report a problem with article
1604765866_mass
Next Article

Mass Effect trilogy is being remastered, new entry also in development at BioWare

1604617159_c2
Previous Article

Acer ConceptD 3 Ezel unboxing and first impressions

32 Comments - Add comment

Advertisement