Possible issues for sites using certificates from Let’s Encrypt.

development security software

Let’s Encrypt is a well-known certification center that allows you to get free cryptographic certificates for your projects. Some developers use them on their pet projects, dev, or staging sites, and sometimes they are even used on live environments.

A significant event will happen on the 30th of September. One of the root certificates used by Let’s Encrypt, called IdenTrust DST Root CA X3, will expire. It means that some old systems won’t accept the security certificates provided by this center because to recognize them, the browser needs to trust the root one.

Let’s Encrypt also has its certificate, ISRG Root X1. Still, it needed some time to be recognized as trusted, so they had to use  DST Root CA X3, which was acceptable for most platforms and operational systems existing back then.

So if a customer is using some old and outdated system, it means that after the 30th of September, they will see a message that the site is unsafe. Below is the list of the platforms that may still work correctly:

  • Ubuntu: 16.04 (with latest updates) and newer.
  • Debian: 8 (with the latest updates) and newer.
  • Android: 7.1.1 and newer.
  • Windows: XP SP3 (with the latest updates) and newer.
  • Mac OS: 10.12.1 and newer.
  • iOS 10 and newer.
  • Java 8u141 and newer.
  • Java 7u151 and newer.

All the clients who are using anything older than this will not be able to work with the systems secured by Let’s Encrypt certificates after the 30th of September 2021 14:01:15 GMT.