Jacob Hoffman-Andrews, a lead developer at Let’s Encrypt, published a post on the Let’s Encrypt blog about the upcoming expiration of the DST Root X3 root certificate. He wrote that Let’s Encrypt is ready to “stand on our own” and rely solely on its own root certificate.
Cross-signature from IdenTrust
Let’s Encrypt is a free, automated, and open certificate authority (CA), provided by the Internet Security Research Group (ISRG). It gives people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free. Its main goal is to create a more secure and privacy-respecting Web.
When a new Certificate Authority (CA) comes on the scene, it needs its root certificate to be trusted by a wide variety of operating systems (OSes) and browsers. Getting a new root accepted into those OS and browser trust stores can take years. Jacob Hoffman-Andrews explained the common solution: “The common solution: a new CA will often ask an existing, trusted CA for a cross-signature, to quickly get it into being trusted by lots of devices.”
Five years ago, when Let’s Encrypt launched, it got a cross-signature from IdenTrust. IdenTrust’s “DST Root X3” had been around for a long time, and all the major software platforms, including Windows, Firefox, macOS, Android, iOS, and a variety of Linux distributions, already trusted it. Thanks to that cross-signature, Let’s Encrypt could start issuing certificates right away. At the same time, Let’s Encrypt issued its own root certificate (“ISRG Root X1”) and applied for it to be trusted by the major software platforms.
Android devices will start getting certificate errors
The DST Root X3 root certificate that Let’s Encrypt relied on to get off the ground expires on September 30, 2021. Although Let’s Encrypt is ready to stand on its own and rely solely on its own root certificate, this does introduce some compatibility woes.
Jacob Hoffman-Andrews described the compatibility problem, writing,
“Some software that hasn’t been updated since still doesn’t trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt.”
“Android has a long-standing and well-known issue with operating system updates. There are lots of Android devices in the world running out-of-date operating systems. The causes are complex and hard to fix: for each phone, the core Android operating system is commonly modified by both the manufacturer and a mobile carrier before an end-user receives it. Google no longer provides version numbers on its Distribution Dashboard, but you can still get some data by downloading Android Studio” according to Jacob Hoffman-Andrews.
While 66.2% of Android devices are running version 7.1 or above, the remaining 33.8% will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate. After talking with large integrators, Let’s Encrypt found that this represents around 1-5% of traffic to their sites. “Hopefully these numbers will be lower by the time DST Root X3 expires next year, but the change may not be very significant”, Jacob Hoffman-Andrews said.
Let’s Encrypt’s recommendations
On January 11, 2021, Let’s Encrypt plans to change its API so that ACME clients will, by default, be served a certificate chain that leads to ISRG Root X1. It will still be possible to fetch an alternate chain for the same certificate that leads to DST Root X3 and offers broader compatibility. This is implemented via the ACME “alternate” link relation, which Certbot supports from version 1.6.0 onwards. If you use a different ACME client, Let’s Encrypt recommends checking your client’s documentation to see whether the alternate link relation is supported.
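The following is an added example (not code from Let’s Encrypt, Certbot, or the post quoted above) showing how a client can act on the ACME “alternate” link relation described here, and how the two chains from the cross-signing arrangement above differ only in the root they lead to. The URLs, the `acme.example` host, the chains, and the trust stores are constructed: a real client would download the PEM bundles over HTTPS and read subject/issuer names with its X.509 library, whereas here each chain is modelled as a list of (subject, issuer) names so the example runs offline.

```python
"""Selecting a certificate chain via the ACME "alternate" link relation.

When an ACME client downloads its certificate (RFC 8555, section 7.4.2),
the server may attach HTTP Link headers with rel="alternate" that point at
other chains for the same end-entity certificate. A client with a preferred
root fetches those candidates and keeps the first one that ends at that
root, falling back to the default chain otherwise.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# A chain is modelled as an ordered list of (subject, issuer) common names,
# leaf first. Constructed stand-in for a parsed PEM bundle.
Chain = List[Tuple[str, str]]

# Constructed URLs and chains, shaped like what Let's Encrypt served in 2021:
# the default chain leads to ISRG Root X1, the alternate to DST Root CA X3.
DEFAULT_URL = "https://acme.example/acme/cert/abc123"
ALT_URL = "https://acme.example/acme/cert/abc123/1"
EXAMPLE_LINK_HEADER = (
    '<https://acme.example/directory>;rel="index", '
    '<https://acme.example/acme/cert/abc123/1>;rel="alternate"'
)
CHAINS: Dict[str, Chain] = {
    DEFAULT_URL: [("example.com", "R3"), ("R3", "ISRG Root X1")],
    ALT_URL: [("example.com", "R3"), ("R3", "DST Root CA X3")],
}

# Constructed trust stores: the old Android store lacks ISRG Root X1.
ANDROID_PRE_7_1_1 = {"DST Root CA X3"}
MODERN_STORE = {"DST Root CA X3", "ISRG Root X1"}

_LINK_RE = re.compile(r'<([^>]*)>\s*((?:;\s*[^,;]+)*)')


def parse_link_header(header: str) -> List[Tuple[str, Dict[str, str]]]:
    """Parse an HTTP Link header (RFC 8288) into (target, parameters) pairs."""
    links = []
    for match in _LINK_RE.finditer(header):
        target, raw_params = match.group(1), match.group(2)
        params: Dict[str, str] = {}
        for param in raw_params.split(";"):
            param = param.strip()
            if param:
                key, _, value = param.partition("=")
                params[key.strip().lower()] = value.strip().strip('"')
        links.append((target, params))
    return links


def alternate_chain_urls(header: str) -> List[str]:
    """Return the targets of every rel="alternate" link in the header."""
    return [t for t, p in parse_link_header(header) if p.get("rel") == "alternate"]


def top_issuer(chain: Chain) -> str:
    """Name of the root the chain leads to: the issuer of its last certificate."""
    return chain[-1][1]


def fetch_chain(url: str) -> Chain:
    """Stand-in for the HTTPS download of a chain; looks up constructed data."""
    return CHAINS[url]


def select_chain(
    default_url: str,
    link_header: str,
    fetch: Callable[[str], Chain],
    preferred: Optional[str] = None,
) -> Tuple[str, Chain]:
    """Pick the first chain whose root matches `preferred`, else the default."""
    if preferred is None:
        return default_url, fetch(default_url)
    for url in [default_url] + alternate_chain_urls(link_header):
        chain = fetch(url)
        if top_issuer(chain) == preferred:
            return url, chain
    # No candidate ends at the preferred root: keep the default rather than
    # failing, which is what a client must do once the old chain is withdrawn.
    return default_url, fetch(default_url)


def chain_trusted_by(chain: Chain, trusted_roots: set) -> bool:
    """Would a client whose store contains `trusted_roots` accept this chain?"""
    return top_issuer(chain) in trusted_roots


if __name__ == "__main__":
    for pref in (None, "DST Root CA X3", "ISRG Root X1"):
        url, chain = select_chain(DEFAULT_URL, EXAMPLE_LINK_HEADER, fetch_chain, pref)
        print(f"preferred={pref!r}: {url} -> {top_issuer(chain)}, "
              f"trusted by old Android: {chain_trusted_by(chain, ANDROID_PRE_7_1_1)}")
```

In Certbot this selection is exposed as the `--preferred-chain` option (for example `--preferred-chain "DST Root CA X3"`); to see which chain a server is actually sending, `openssl s_client -connect example.com:443 -showcerts` prints the certificates in the order the server presents them, and the last one’s issuer is the root the chain leads to.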
Let’s Encrypt’s recommendations are:
- Some site owners will receive complaints from users. Let’s Encrypt encourages site owners to deploy a temporary fix to keep their site working while they evaluate a long-term solution: running a banner asking Android users on older OSes to install Firefox, dropping support for older Android versions, falling back to HTTP for older Android versions, or switching to a CA whose root is installed on those older versions.
- If you get Let’s Encrypt certificates through a hosting provider, the provider may decide to switch to the certificate chain that leads to ISRG Root X1 after January 11, 2021. Let’s Encrypt advises these users to contact their hosting provider.
- If you’re on an older version of Android, Let’s Encrypt recommends installing Firefox Mobile, which supports Android 5.0 and above as of the time of writing.