DST root CA X3 - Letsencrypt SSL problem for old devices - how to handle? (2)
10-04-2021 02:26 PM
#1
larsometer (Senior Member)
DST root CA X3 - Letsencrypt SSL problem for old devices - how to handle?
DST root CA X3 - Letsencrypt SSL problem for old devices - how to handle?
Got an email from propeller telling me that old devices may have a problem with my Letsencrypt SSL certificates.
Read the official announcement from Letsencrypt but do understand nothing 
https://letsencrypt.org/docs/dst-roo...september-2021
QUESTIONS:
Did anyone encounter problems with old devices?
If so, how did you solve the problem?
I also just saw the email.
Seriously, I guess these are things beyond our capabilities so I will continue as usual.
Before I started using Let's Encrypt I tried to install a SSL certificate manually and it really sucked.
When I see huge differences in my campaigns I can still think about an alternative but for now I will just keep my stuff running.
That means those older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates. There’s one important exception: older Android devices that don’t trust ISRG Root X1 will continue to work with Let’s Encrypt
Here´s also a list with devices that will run just as before because they accept both root certificates:
Platforms that trust ISRG Root X1
Windows >= XP SP3 (assuming Automatic Root Certificate Update isn’t manually disabled)
macOS >= 10.12.1
iOS >= 10 (iOS 9 does not include it)
iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1
Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign)
Mozilla Firefox >= 50.0
Ubuntu >= xenial / 16.04 (with updates applied)
Debian >= jessie / 8 (with updates applied)
Java 8 >= 8u141
Java 7 >= 7u151
NSS >= 3.26
Windows >= XP SP3 (assuming Automatic Root Certificate Update isn’t manually disabled)
macOS >= 10.12.1
iOS >= 10 (iOS 9 does not include it)
iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1
Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign)
Mozilla Firefox >= 50.0
Ubuntu >= xenial / 16.04 (with updates applied)
Debian >= jessie / 8 (with updates applied)
Java 8 >= 8u141
Java 7 >= 7u151
NSS >= 3.26
Interesting could be to see how it goes in low tier geos where probably more users run older systems than in high tier.
But again, there it also shouldn´t be a big problem for Android devices above Android 2.3.6 which should be from 2011 or so
Home > Technical & Creative Skills > Programming, Servers & Scripts