Let’s Encrypt comes up with workaround for abandonware Android devices

'Things were touch-and-go for a while, but it looks like Let's Encrypt's transition to a standalone certificate authority (CA) isn't going to break a ton of old Android phones. This was a serious concern earlier due to an expiring root certificate, but Let's Encrypt has come up with a workaround.

Let's Encrypt is a fairly new certificate authority, but it's also one of the world's leading. The service was a major player in the push to make the entire Web run over HTTPS, and as a free, open issuing authority, it went from zero certs to one billion certs in just four years. For regular users, the list of trusted CAs is usually issued by your operating system or browser vendor, so any new CA has a long rollout that involves getting added to the list of trusted CAs by every OS and browser on Earth as well as getting updates to every user. To get up and running quickly, Let's Encrypt got a cross-signature from an established CA, IdenTrust, so any browser or OS that trusted IdenTrust could now trust Let's Encrypt, and the service could start issuing useful certs.

When it launched in 2016, Let's Encrypt also issued its own root certificate ("ISRG Root X1") and applied for it to be trusted by the major software platforms, most of which accepted it sometime that year. Now, several years later, with IdenTrust's "DST Root X3" certificate set to expire in September 2021, the time has come for Let's Encrypt to stand on its own and rely on its own root certificate.

Since this was submitted four years ago, surely every Web-capable OS currently in use has gotten an update with Let's Encrypt's cert, right? That's true of every mainstream OS except for one. Sitting in the corner of the room, wearing a dunce cap, is Android, the world's only major consumer operating system that can't be centrally updated by its creator. Believe it or not, there are still quite a lot of people running a version of Android that hasn't been updated in four years. Let's Encrypt says it was added to Android's CA store in version 7.1.1 (released December 2016) and, according to Google's official stats, 33.8 percent of active Android users are on a version older than that. Given Android's 2.5 billion strong monthly active user base, that's 845 million people who have a root store frozen in 2016. Oh no.'

-- source: https://arstechnica.com/gadgets/2020/12/lets-encrypt-comes-up-with-workaroun...

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/