Standing on Our Own Two Feet – Let’s Encrypt

Update: Let’s Encrypt Extends Support for Android 7 or Older Devices for Three Years

Let’s Encrypt announced its partnership with IdenTrust will come to an end by September 1, 2021. Except for its own root certificate, Let’s Encrypt has been using a cross-signed certificate from IdenTrust. The decision to part ways is dubbed as the company is standing on its own two feet.

Five years ago, when Let’s Encrypt launched, that’s exactly what we did. We got a cross-signature from IdenTrust. Their “DST Root X3” had been around for a long time, and all the major software platforms trusted it already: Windows, Firefox, macOS, Android, iOS, and a variety of Linux distributions. That cross-signature allowed us to start issuing certificates right away, and have them be useful to a lot of people. Without IdenTrust, Let’s Encrypt may have never happened and we are grateful to them for their partnership. Meanwhile, we issued our own root certificate (“ISRG Root X1”) and applied for it to be trusted by the major software platforms.

via Let’s Encrypt

However by the time the changes come into force next September 2021, the transition would cause compatibility issues with the devices that are running Android 7.1.1 or older version. It means the older versions of Android will no longer trust Let’s Encrypt root certificate called ISRG Root X1.

Let’s Encrypt therefore recommends affected users to install Firefox Mobile, which currently supports Android 5.0 and above.

Statistics for users of Android 7.1.1 and below

🇳🇱 Netherlands ~ 12%

🇺🇸 United States ~ 8%

🇹🇭 Thailand ~ 18%

Source: https://deviceatlas.com/blog/mobile-os-versions-by-country#th

If you are a site owner under our hosting service

You may contact your hosting provider directly for alternative certificate chains or for any questions about your SSL certificate.

If you are not sure if you are using Let’s Encrypt SSL, or if you are worried that (a part of) your potential visitors are affected by this Let’s Encrypt update, contact your hosting provider directly. The best solution depends on your use case, but it’s likely a paid SSL certificate, as they are around longer and well trusted.


Posted

in

,

by

Tags: