The most impacting technical event of the Internet was the expiration of the Letsencrypt DST Root certificate which brought a lot of grief to technical support people and owners of declared obsolete devices. Here is the lists of compatible and incompatible devices provided by Letsencrypt.
There is a way to make some of incompatible devices work, by manually installing ISRG Root X1 Letsencrypt certificate, here is brief instruction for older Apple OS, and below I will show how to do the same on Android 6.0.1 phone.
- Validation – try opening Letsencrypt test URL https://valid-irsgrootx1.letsencrypt.org with Chrome (or any other browser that uses system root certificate storage), in case your device is affected, this will produce an error page. Same error will appear while visiting any other site that uses Letsencrypt certificate
- Download and install Firefox web browser from Google play store, or use it if you have it already installed
to download required certificate from Letsencrypt web site https://letsencrypt.org/certs/isrgrootx1.der
- Use system builtin certificate installer to open downloaded certificate file
- Provide imported certificate with the meaningful name (not necessary the correct one)
- Once certificate installed, use previous web browser with the open verification URL to verify that system is using imported certificate and able to open web sites that use Letsencrypt SSL certificates without errors.
- Imported certificate could be found under Settings->Security->Cretential Storage->Trusted Credentials
- In case you decide to remove this certificate, you just need to tap it to open details window and scroll down to the remove button
Similar approach could work with other obsolete systems and devices if there is a way to manually import certificate into the system trust storage.
Very helpful, thank you very much! I had to make ready one old tablet (Samsung N8010) and it contained Android 4 only without any further updates. Without your help I kept getting error messages whenever reaching a page with the Let’s Encrypt certificate.
Thanks! 🙂
Alex