LET’S ENCRYPT Root Certificate Expires Next Week


Let's Encrypt

App and website developers know the importance of protecting URLs with HTTPS, but the latest development from Let’s Encrypt, one of the largest providers of HTTPS certificates, could disrupt things, even though it is a good step. The provider will stop using an old root certificate next week, so you might have to update your devices to keep them from breaking.

Let’s Encrypt, a free-to-use non-profit, issues certificates that are used to encrypt the connections between users’ devices and the wider internet, so that nobody can intercept and steal your data in transit.

Millions of websites rely on this service, so the change could cause havoc. Security researcher Scott Helme noted that the root certificate Let’s Encrypt currently uses, the IdenTrust DST Root CA X3, will expire on September 30. After the expiration, computers, devices, and web clients such as browsers will no longer trust certificates that have been issued by this certificate authority.

Website users are advised not to worry much about September 30, as it will be business as usual. Older devices, however, may run into trouble, as was observed when the AddTrust External CA Root expired back in May: Stripe, Red Hat, and Roku faced outages as a result.

Referring to the upcoming expiry in a blog post, Helme warned: “Given the relative size difference between Let’s Encrypt and AddTrust, I have a feeling that the IdenTrust root expiry has the potential to cause more problems”.

“At least something somewhere is going to break”, he noted.

The devices most likely to be affected by the certificate expiry are those that lack regular updates, such as embedded systems that are designed not to update automatically, or smartphones that are still running years-old software releases. Users running an older version of macOS from 2016 or Windows XP (with Service Pack 3) will likely face issues, as will clients dependent on OpenSSL 1.0.2 or earlier and older PlayStations that have not yet been upgraded to newer firmware.

While a number of Android smartphones may remain unaffected thanks to regular system updates, Let’s Encrypt said that some Android devices may run into issues, and recommended that users running Android 5.0 (Lollipop) install Firefox.

“For an Android phone’s built-in browser, the list of trusted root certificates comes from the operating system – which is out of date on these older phones”, the certificate authority explains. “However, Firefox is currently unique among browsers – it ships with its own list of trusted root certificates”.   
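To see how an out-of-date root list shows up on a machine you manage, the Python script below (an added example, not code from Let’s Encrypt or Helme) audits the roots that a Python/OpenSSL client trusts and flags those that have expired or will expire within a window. The sample entries are constructed, the two "Example" roots are hypothetical, and the year 2021 on the DST Root CA X3 entry is an assumption, since the article gives only September 30.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the format ssl.SSLContext.get_ca_certs() returns.
# The year 2021 is an assumption; the article only says "September 30".
SAMPLE_ROOTS = [
    {"subject": ((("organizationName", "Digital Signature Trust Co."),),
                 (("commonName", "DST Root CA X3"),)),
     "notAfter": "Sep 30 14:01:15 2021 GMT"},
    {"subject": ((("commonName", "Example Long-Lived Root"),),),  # hypothetical
     "notAfter": "Jun  4 11:04:38 2035 GMT"},
    {"subject": ((("commonName", "Example Expired Root"),),),     # hypothetical
     "notAfter": "May 30 10:48:38 2020 GMT"},
]


def load_roots(cafile=None):
    """Roots a Python/OpenSSL client here trusts (system store or a PEM bundle)."""
    return ssl.create_default_context(cafile=cafile).get_ca_certs()


def common_name(cert):
    """Pull CN (falling back to O) out of the nested subject tuple."""
    fields = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    return fields.get("commonName") or fields.get("organizationName", "<unnamed>")


def audit_roots(certs, now, window_days=30):
    """Label each root 'expired', 'expiring' (inside the window) or 'ok'."""
    report = []
    for cert in certs:
        not_after = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        if not_after <= now:
            status = "expired"
        elif not_after - now <= timedelta(days=window_days):
            status = "expiring"
        else:
            status = "ok"
        report.append((status, common_name(cert), not_after))
    # Most urgent first; earliest expiry first within each status.
    order = {"expired": 0, "expiring": 1, "ok": 2}
    return sorted(report, key=lambda r: (order[r[0]], r[2]))


if __name__ == "__main__":
    roots = load_roots() or SAMPLE_ROOTS  # fall back if no system store loads
    for status, name, not_after in audit_roots(roots, datetime.now(timezone.utc)):
        if status != "ok":
            print(f"{status:9} {not_after:%Y-%m-%d} {name}")
```

Pass a PEM bundle path to `load_roots(cafile=...)` to audit the trust list shipped with a specific application or firmware image instead of the system store.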

It’s difficult to predict what will happen come September 30, but according to Helme, “At least something, somewhere is going to break”.

  • What more should we expect from this expiration?