Updated: Let’s Encrypt’s root certificate expiry and what it means

You might have seen the name “Let’s Encrypt” across the internet for the past week and it’s because their root certificate expires on 30th September. It’s been planned for a good long while, with Let’s Encrypt providing users with updates on the expiry and new certificate since 2020.

Who is Let’s Encrypt and what exactly do they do?

Let’s Encrypt is a non-profit certificate authority, widely used across the world. With their prime focus on providing all users with privacy on the internet, they offer their digital certificates for free allowing everyone to take advantage of an extra layer of security online.

Root certificate expiry explained

Let’s Encrypt’s previous root certificate expires as of 30th September, so it’ll no longer be valid. This means that any of your devices, web browsers, and so on that relied on Let’s Encrypt HTTPS certificates, might require an update to the new root certificate that Let’s Encrypt has put in place.

This is what Let’s Encrypt had to say about the change:

“On September 30 2021, there will be a small change in how older browsers and devices trust Let’s Encrypt certificates. If you run a typical website, you won’t notice a difference – the vast majority of your visitors will still accept your Let’s Encrypt certificate. If you provide an API or have to support IoT devices, you might have to pay a little more attention to the change.”

Who might this affect?

It’s important to note that Let’s Encrypt’s certificate expiry won’t affect everyone, most people won’t be impacted at all! If you’re using an older Android, however, Let’s Encrypt did announce back in May 2021 that they found a way for older Android devices to continue using sites that use these certificates:

“We’re happy to announce that we have developed a way for older Android devices to retain their ability to visit sites that use Let’s Encrypt certificates after our cross-signed intermediates expire. We are no longer planning any changes that may cause compatibility issues for Let’s Encrypt subscribers.”

Older versions of Mac and Windows could also be affected in the short term.

The historical impact of root certificate expiries

This isn’t the first time something like this has happened; back in 2020, the AddTrust External CA Root expired which caused a huge ripple across some of the biggest websites in the world like Stripe, Roku, and hundreds more as most were unprepared even though AddTrust, much like Let’s Encrypt, had also made numerous announcements.

For more information on Let’s Encrypt’s certificate expiry, head on over to their website or their forum!