After remove DST Root CA X3 - old devices (smartphones and smart TVs) broke down

After removed the root certificate from the chain, which will become obsolete in September:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:01:77:21:37:d4:e9:42:b8:ee:76:aa:3c:64:0a:b7
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Validity
            Not Before: Jan 20 19:14:03 2021 GMT
            Not After : Sep 30 18:14:03 2024 GMT
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
...

connections on old devices (smartphones and smart TVs) broke down.

Hi, unfortunately this is expected and has been documented since Sept 2021: Shortening the Let's Encrypt Chain of Trust - Let's Encrypt

If you require compatibility with old devices I would suggest finding a CA that still has their root certificate in the trust store of the device you wish to support. You may have more success with (for example) ZeroSSL, BuyPass, DigiCert, Sectigo etc, but you would need to investigate which root they currently issue from (via their intermediates) and check if it is the device store.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.