Let's Encrypt route certificate expires as scheduled, and on the Android device specially

The non -profit SSL certificate certificate Bureau "Let's Encrypt" is "DST ROOT CA" on October 1 (local time) on the "Resources for Certificate CHAINING HELP -Let's Encrypt"."X3" announced that the expiration date expired on September 30, 2021.

Let's Encrypt is currently using its own certificate "ISRG Root X1".The expiration date of the DST Root CA X3 is due to the schedule that has been announced for a long time, but there is a possibility that websites cannot be viewed on old terminals that cannot be transferred to ISRG ROOT X1.

Let's Encrypt is a relatively new certification bureau established in 2014 by non -profit organization ISRG (Internet Security Research Group).Since its establishment, Let's Encrypt has secured reliability by using a DST Root X3 issued by another certification bureau, IDen Trust, and a cross -signed intermediate CA certificate.Currently, ISRG Root X1, a unique route certificate, is widespread, and most web browsers and devices have ISRG ROOT X1 installed, so even if DST Root X3 expires, there is no practical impact.

However, old devices that cannot apply a new route certificate may cause situations where websites that have been browsed so far cannot be viewed.Security researchers, Scott Helme, alerted the Let's Encrypt route certificate and need to pay attention to devices released before 2017, when software has not been updated.Devices that can be affected are summarized on the next page.

The expiration date of the DST Root CA X3 has been released from Let's Encrypt many times in the past, and has a grace period for the migration.However, in embedded devices, etc., it is difficult to update the software itself due to the structure, and not all devices have shifted to new certificates.What is particularly worried is Android 7.1.It is a version of Android device before 1.Android 7 out of Android devices.1.The version before 1 still has a share of about 30%.

To respond to this, Let's Encrypt issued a special intermediate CA certificate for DST Root CA X3, which has an expiration date up to early 2024.Therefore, version 2 with this intermediate CA certificate is installed..3.The Android device after 6 can be used without any problems for about three years.In addition, there is also an alternative to use Firefox, which uses a unique route certificate store, including ISRG Root X1.

If you have any questions about the expiration date of DST Root CA X3, you want to search for the community forum or post to the next support thread.