English

Let's Encrypt support for Android <7.1.1 ends in Sept-Dec 2020 (except in Firefox)

Hi all,

Let’s Encrypt have announced that they will change the root certificate for newly issued SSL certificates on the 29th of September, 2020. This is because their present root certificate will expire in a few years. As their certificates have a lifetime of 90 days, the last ones with the old root will be gone by the 28th of December, 2020.

This will mean that web services using Let’s Encrypt for encryption will no longer be reachable on older devices. It will affect the Android browser, Google Chrome, and other apps for online services if the server/website which it is contacting has a Let’s Encrypt certificate. This will affect Android below 7.1.1, which means all FP1, and any FP2’s that are still on Android 5/6.

Note that many of the affected websites and apps may already have stopped working before as a result of the end of support for TLS 1.0/1.1 by many websites in the past few years.

The good news: Firefox is, again, not affected. It uses its own certificate store on all operating systems. I don’t know the situation for the Firefox forks used by many Fairphoners, but there’s a good chance that they’ll work too as they were not affected either when TLS 1.0/1.1 got dropped.
If your favourite app has a browser-based version, you will probably still be able to use Firefox (or a derivative of it) to connect to it.

EDIT: If you want to know how your browser will respond to this, please open https://valid-isrgrootx1.letsencrypt.org/.

8 Likes

FWIW, this has been postponed. The first new certificates will be issues on January 11, 2021, and the last old ones will expire on April 11, 2021.

See also: https://community.letsencrypt.org/t/a-note-to-heavy-users-of-let-s-encrypt-change-affecting-android-users-starting-january-11-2021/134769

4 Likes

Hi,

As I can read here in french :
https://web.developpez.com/actu/310287/Sur-les-anciennes-versions-d-Android-de-nombreux-sites-securises-par-Let-s-Encrypt-pourraient-cesser-de-fonctionner-en-2021-un-tiers-des-appareils-Android-sont-concernes/

Let’s Encrypt will issue certificates that won’t work for old Android devices next year.

A way to continue accessing those websites will be to use Firefox Mobile or IceCat Mobile:

Happy browsing !

3 Likes

In addition, we can learn from the graphic chart that using an FP1 makes us belonging to the 0,8% of Android users that still uses 4.x version.

1 Like

Hi @siltaar, I moved your posts here as there was already a topic about it :slight_smile:

3 Likes