21 December 2020
Do you have Let’s Encrypt as a supplier for your SSL / TLS certificates?
From January 2021, certificates from Let’s Encrypt will have drastically reduced compatibility.
From 1 January 2021, SSL / TLS certificates issued by Let’s Encrypt will be invalid on some Android devices. This means that the affected Android devices, about 1 out of 3, will receive certificate warnings when visiting websites that use an SSL certificate from Let’s Encrypt. (Let’s Encrypt is an issuer of SSL / TLS certificates that delivers them for free.)
The reason these certificates will be invalid is that the root certificate will expire. Let’s Encrypt’s own root certificates are simply not trusted by Android systems running a version earlier than 7.1.1. To get around this, they have previously cross-signed their root certificate with a third-party provider (IdenTrust) so that browsers trust Let’s Encrypt. This will no longer be possible after January 2021, and such certificates will thus be shown as unsafe.
This affects website owners, to the extent that they are not considered to have a credible website, as well as visitors, who will be blocked from accessing websites that have an SSL certificate via Let’s Encrypt. Website visitors will thus receive an error message similar to the one below when they try to enter the site:
Encountering this warning is directly negative for the visitor, and at the same time website owners do not want to present anything that could give rise to doubts about the security and trust of their website.