How to make older Android devices work with Letsencrypt ROOT certificate - Server support blog

How to make older Android devices work with Letsencrypt ROOT certificate

How to make older Android devices work with Letsencrypt ROOT certificate 19
The most impacting technical event of the Internet was the expiration of the Letsencrypt DST Root certificate which brought a lot of grief to technical support people and owners of declared obsolete devices. Here is the lists of compatible and incompatible devices provided by Letsencrypt.
There is a way to make some of incompatible devices work, by manually installing ISRG Root X1 Letsencrypt certificate, here is brief instruction for older Apple OS, and below I will show how to do the same on Android 6.0.1 phone.

  1. Validation – try opening Letsencrypt test URL https://valid-irsgrootx1.letsencrypt.org with Chrome (or any other browser that uses system root certificate storage), in case your device is affected, this will produce an error page. Same error will appear while visiting any other site that uses Letsencrypt certificate
    How to make older Android devices work with Letsencrypt ROOT certificate 20
  2. Download and install Firefox web browser from Google play store, or use it if you have it already installed
    to download required certificate from Letsencrypt web site https://letsencrypt.org/certs/isrgrootx1.der
    How to make older Android devices work with Letsencrypt ROOT certificate 21
    How to make older Android devices work with Letsencrypt ROOT certificate 22
  3. Use system builtin certificate installer to open downloaded certificate file
    How to make older Android devices work with Letsencrypt ROOT certificate 23
  4. Provide imported certificate with the meaningful name How to make older Android devices work with Letsencrypt ROOT certificate 24 (not necessary the correct one)
  5. Once certificate installed, use previous web browser with the open verification URL to verify that system is using imported certificate and able to open web sites that use Letsencrypt SSL certificates without errorsHow to make older Android devices work with Letsencrypt ROOT certificate 25.
  6. Imported certificate could be found under Settings->Security->Cretential Storage->Trusted Credentials How to make older Android devices work with Letsencrypt ROOT certificate 26
  7. In case you decide to remove this certificate, you just need to tap it to open details window and scroll down to the remove button How to make older Android devices work with Letsencrypt ROOT certificate 27

Similar approach could work with other obsolete systems and devices if there is a way to manually import certificate into the system trust storage.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">