Let's Encrypt Root Certificate Expiration and Unnecessary Complexity for Ordinary Users


On 30th September, the root certificate for Let's Encrypt expired, affecting many popular platforms including Shopify, Heroku, Fortinet, Monday.com, Netlify, and more. Different platforms reported issues, but services have since returned to full functionality.

This isn't the first time the root certificate of a certificate authority has expired. Sectigo's AddTrust root certificate expired at the end of May 2020, affecting hundreds of services and websites, and the impact on Let's Encrypt was expected to be significant owing to its scale.

What is Let's Encrypt?

Let's Encrypt is a non-profit certificate authority managed by the Internet Security Research Group (ISRG), itself a non-profit organization, which offers free X.509 certificates for TLS encryption. It is the world's largest certificate authority, with over 265 million websites utilizing its certificates. Its mission is for all websites to be secure and use HTTPS.

Now you know the impact of the expiration of its root certificate, the DST Root CA X3. Let's Encrypt issued early notices to all the platforms and users relying on that root certificate so that they could prepare for D-day. It was also already working on its own root certificate, called ISRG Root X1.

What does it mean for websites and users?

Websites saw a smooth transition to the ISRG Root X1 root certificate, which was issued by the certificate authority and is valid until 2035. Modern browsers and devices will not have an issue trusting this new certificate.

However, some websites and services, on seeing the expiration notices, switched to other certificate authorities that are currently active. I hope they will be back to Let's Encrypt soon. The transition and its effect could hardly be noticed by website owners like me.

But Let's Encrypt says that users of old devices which no longer get security updates, like the iPhone 4, HTC phones and IoT devices, as well as versions of macOS from 2016 and Windows XP, will have issues trusting its certificates. We believe they will be protected anyway.

Way forward for devices that no longer receive security updates

If your device is updated regularly, you will not have problems accessing your websites and services. But for old devices (such as smartphones running Android), you might want to install the ISRG Root X1 manually from here or from the Let's Encrypt website.

Many Android devices are affected, for instance those running Android 7.1.1 (Nougat) and earlier, but Let's Encrypt was able to obtain a cross-signature for its own certificate that is valid for three years longer than the signing root, ensuring that most Android devices will remain bug-free for another three years, according to TechCrunch.

According to Let's Encrypt, some Android devices may still have trouble because the trusted certificates come built into the Android system. Customers running Android 5.0 (Lollipop) should therefore install Firefox, because Firefox ships with its own built-in set of trusted certificates.
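To see whether a particular machine is affected, the short Python check below looks through a CA bundle for the two roots discussed above. It is an added example, not code from Let's Encrypt or from this post; the function names, verdict strings and sample store are constructed for illustration.

```python
import ssl
import sys
import time

OLD_ROOT = "DST Root CA X3"   # the root whose expiry this post describes
NEW_ROOT = "ISRG Root X1"     # Let's Encrypt's own root

def common_name(cert):
    """Return the subject CN of a dict shaped like SSLContext.get_ca_certs() output."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def audit_roots(certs, now=None):
    """Classify both roots as missing/expired/valid and give an overall verdict."""
    now = time.time() if now is None else now
    status = {OLD_ROOT: "missing", NEW_ROOT: "missing"}
    for cert in certs:
        name = common_name(cert)
        if name in status and status[name] != "valid":
            expired = ssl.cert_time_to_seconds(cert["notAfter"]) < now
            status[name] = "expired" if expired else "valid"
    if status[NEW_ROOT] == "valid":
        verdict = "ok"
    elif status[OLD_ROOT] == "valid":
        verdict = "ok-until-old-root-expires"
    else:
        verdict = "install-new-root"
    return status, verdict

def load_bundle(path):
    """Parse a PEM CA bundle into get_ca_certs()-style dicts (stdlib only)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()

# Constructed sample: a stale trust store that only knows the old root.
SAMPLE_STORE = [{
    "subject": ((("commonName", OLD_ROOT),),),
    "notAfter": "Sep 30 14:01:15 2021 GMT",
}]

if __name__ == "__main__":
    # Pass the path of a PEM bundle to audit it; otherwise the sample is used.
    certs = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STORE
    print(audit_roots(certs))
```

A verdict of `install-new-root` matches the situation described above: either add ISRG Root X1 to the store or use a client such as Firefox that ships its own.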

Closing

If you're a website owner and you want to escape the unnecessary complexity of SSL certificate issuance, you might want to use ZeroSSL, which is an automated service that creates SSL certificates for your website. Why? You already know that ;-).

And if you want to create a website, Bluehost has you covered with a WordPress hosting headstart at only $2.95/mo*, which comes with a free domain name, a free SSL certificate, and more.

