Back in November, Let’s Encrypt warned that older Android phones stuck running 7.1.1 Nougat or lower won’t be able to visit large portions of the secure web by September 2021. Now, the nonprofit certificate authority has announced that it has found a solution for the problem that will extend older Android phones’ compatibility with its certificates by three years.
Let’s Encrypt relies on IdenTrust, another certificate authority, for a cross-signature that allows its certificates to work on older platforms. Unfortunately, the IdenTrust root certificate behind that capability is set to expire next year. That’s a big problem, Let’s Encrypt noted, because 33.8 percent of Android users on Google Play still run Android versions older than 7.1. According to the University of Michigan, Let’s Encrypt is the world’s biggest certificate authority, which helped double the number of secure websites by providing a free service and making it much easier to implement the HTTPS protocol. In February this year, the nonprofit revealed that it had issued its billionth certificate.
In its new announcement, Let’s Encrypt says it was able to find a workaround “thanks to some innovative thinking from [its] community and [its] wonderful partners at IdenTrust.” The partners will implement a new cross-sign solution that will work until 2024. End users won’t have to do anything — they wouldn’t even find out they almost lost access to most secure websites if they never read about the issue. Let’s Encrypt says the solution ensures “uninterrupted service to all users” and will avoid “the potential breakage” it was worried about. The nonprofit has posted more technical details in its announcement if you want to read about the new cross-sign solution and the two organizations’ renewed partnership.