After September 30th of this year, the sites using Let’s Encrypt certificate will not be visible on Android 7.1 and below
To be exact, this will be the default behavior for certificates issued by Let’s Encrypt after Sep. 30. This is due to Let’s Encrypt’s default root certificate will switch to ISRG Root X1. By using the “alternate” link, we can get a certificate for the current root chain (DST Root CA X3), in which case we can extend the expiration until Sep. 29 of next year.
For more information, see the following entries.
- https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
- https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-sep-29/125516
I believe this is a significant issue in terms of universal access to web information.
I expect SaaS providers that issue SSL certificates with Let’s Encrypt to announce policy about this issue. Specifically, about the following.
- Whether you will continue to use Let’s Encrypt or plan to switch to another CA
- If you want to stay, when do you plan to turn your root certificate?
— Will you follow the default root change on Sep. 30 or use the current chain for a while?
- Whether the option to upload own user certificate is offered or will be offered in the future
As far as I can think of, I would like to see the following services put out a statement of policy, but I’m sure there are many more. If you know of a service that already has a policy statement, please let me know.
- Zendesk Guide
- WordPress.com
- Firebase Hosting
- GitHub Pages
- Squarespace
- Hatena Blog
Of course, this is not to say that anyone is to blame or to hold anyone accountable. The fact that old environments remain is an issue, but some people have no choice but to continue using them. I also think it is a matter of each policy to what extent the service provider supports the old environment.
Please understand this is just a request as a service user for you to make such a statement as a clue to our choice of service, and it is not intended as a blaming.
Thanks.