Android phones with Android 7.1.1 or older will soon be unable to reach many websites. This applies to websites with a TLS certificate from Let’s Encrypt. A workaround is available.
For years, Let’s Encrypt has been distributing free TLS certificates to websites that want to secure their connection. To get started, the Let’s Encrypt worked with IdenTrust to automatically trust all devices that trusted IdenTrust’s certificates with Let’s Encrypt.
For this, the DST Root X3 certificate was used, which expires on 1 September 2021. Fortunately, the majority of devices now also recognize Let’s Encrypt certificates, starting from 2016. Devices that have received updates since then will continue to trust Let’s Encrypt certificates after 2021.
Google added support for Let’s Encrypt’s own certificates in Android 7.1.1, which the company rolled out by the end of 2016. Unfortunately, many people still use devices that have never received that update. This applies to about one-third of Android phones currently in use.
People who still have an old Android version running on their phone can work around the issue by installing Firefox Mobile on their phones. That browser maintains its own security certificates and will therefore continue to work on websites that are encrypted with Let’s Encrypt after September 2021.
Let’s Encrypt advises website administrators to temporarily switch to another certificate or place a warning on their website alerting Android users. The warning could notify users of the problem and advise them to use Firefox. Alternatively, admins can choose to drop back to HTTP for older Android versions.