This year Let's Encrypt announced that
it's issued a billion certificates, and it's been estimated they've made certs
for almost 30% of web domains. But Friday they posted that "The DST Root X3 root certificate that we relied on to get us off the ground
is going to expire — on September 1, 2021. Fortunately, we're ready to stand on our own, and rely solely on our own root certificate."
"However, this does introduce some compatibility woes."
Some software that hasn't been updated since 2016 (approximately when our root was accepted to many root programs) still doesn't trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let's Encrypt.
Android has a long-standing and well known issue with operating system updates. There are lots of Android devices in the world running out-of-date operating systems. The causes are complex and hard to fix: for each phone, the core Android operating system is commonly modified by both the manufacturer and a mobile carrier before an end-user receives it. When there's an update to Android, both the manufacturer and the mobile carrier have to incorporate those changes into their customized version before sending it out. Often manufacturers decide that's not worth the effort. The result is bad for the people who buy these devices: many are stuck on operating systems that are years out of date.
Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let's Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites. Hopefully these numbers will be lower by the time DST Root X3 expires next year, but the change may not be very significant.
Let's Encrypt engineer Jacob Hoffman-Andrews explains that "In the time between now and September 29 we plan to start serving certificates with the 'alternate' link relation 186 to
allow Automatic Certificate Management Environment (ACME) clients to programmatically select a chain they prefer." But Friday's blog post explains that won't solve everything:
There will be site owners that receive complaints from users and we are empathetic to that being not ideal. We're working hard to alert site owners so you can plan and prepare. We encourage site owners to deploy a temporary fix (switching to the alternate certificate chain) to keep your site working while you evaluate what you need for a long-term solution: whether you need to run a banner asking your Android users on older OSes to install Firefox, stop supporting older Android versions, drop back to HTTP for older Android versions, or switch to a CA that is installed on those older versions.
Gizmodo notes that
Firefox will be unaffected "since it relies on its own certificate store that includes Let's Encrypt's root, though that wouldn't keep applications from breaking or ensure functionality beyond your browser." They describe Let's Encrypt as "the Mozilla-partnered nonprofit," and offers this succinct summary of the problem.
"One of the world's top certificate authorities warns that phones running versions of Android prior to 7.1.1 Nougat will be cut off from large portions of the secure web starting in 2021."
