Support for Android 5.x/6.x/7.x after DST Root CA X3 expiration

Hello,

I absolutely need support for old Android devices via a mobile application. Even though the announcement of the cross chain cert expiration does not say this, I found during testing that Chrome actually continues working with the new default short chain, even on those very old Android devices. It seems that Android's Chrome has its own trust store, like Firefox Mobile (which is the solution Let's Encrypt is giving). I am not positive this is what's happening though.

So my website, even with the new chain, is still accessible via the web browser, but not via my mobile application. I use React Native and webviews, and even though there are some workarounds (adding the X1 cert by interfacing with TrustManager), I have to patch the React Native code and it's not easy to get this to work reliably.

I get my certificates with certbot certonly, and adding --preferred-chain 'DST Root CA X3' resolves the issue, for now (until the 6th of June).

I've seen online that Android could ignore the expiration of the cross signing cert since it is in the trust store of the OS. So, can I just append the cross signed X1 cert to the chain I will obtain with certbot after the 6th of June, and expect it to work after September 30th? I can't test this while the cross chain is not expired.

If so, downloading the cross signed X1 cert and just concatenating it with the chain certbot will obtain is sufficient for this to work?

If not, is there any other way, except switching from Let's Encrypt to another cert provider, to continue support for those ancient devices you can think of?

Thanks a lot.

This is correct, but only for devices running Chrome 105 or higher.

It is possible that the device has cached the cross sign and continues using it, even it not provided by the server. If so, that will stop working when the cross sign itself expires later this year.

No, this is outdated information. What you were reading refers to the expiration of DST Root CA X3 itself, which happened on Sep 30 2021. Android ignored the expiration of the root certificate, yes. But what's now expiring is the cross sign itself (a version of ISRG Root X1 that is signed by DST Root CA X3) - that is not ignored.

No. Let's Encrypt will stop providing this chain for a reason - there's no sensible way to keep it alive.

You can try to configure the trust store of your app manually, but it appears that you have considered this already. If you're using webviews (which are based on outdated Chromiums) it's though indeed.

Note that Let's Encrypt is no longer the only free ACME CA. There are multiple, ACME-compatible, free of charge certificate authorities available these days. Switching to them should be quick and painless (i.e. you can continue using certbot with them). I know that some/most/all of them have better compatibility with regards to Android compatibility, since they're typically using much older roots.

8 Likes

No, because the cross-signed intermediate will expire and is not going to be renewed. (The root already has expired, so that doesn't matter. The problem is the intermediate cert.) So there's no way the "DST Root X1" path will work after September 30th.

You need to make sure your Android app trusts ISRG Root X1 and ISRG Root X2 and preferably one or more other CAs as well.

6 Likes

Thank you both for the very detailed answers.

About this: let's assume that I manage to reliably trust the X1 cert in my app. That should be enough if, in the future, my certs are signed by X2, if I serve the long chain containing the cross signed X2 cert, correct?

2 Likes

Let's Encrypt currently plans to move away from cross-signed roots entirely (New Intermediate Certificates - Let's Encrypt), instead letting server operators choose (via alternate chains) their preferred intermediate to either ISRG Root X1 or ISRG Root X2. So yes, for the near term future you can always use trust paths to ISRG Root X1. For the long term future, we don't know if Let's Encrypt will still be providing this option in N years.

(Note that ISRG Root X2 is an ECDSA root and is only relevant if you're using ECDSA. Old Androids are known to be buggy regarding ECDSA, so I wouldn't recommend them anyway if supporting old Android is your concern).

5 Likes

Got it. Thanks @Nummer378.

2 Likes

I would like to reinterate the importance of adding more than just one CA to the trusted roots if necessary. Please check if other (free) CAs you might want to use as a backup CA in the future (if something happens to LE for example, you never know) are included in the OS root store and if they can be used if you're using some way like TrustManager to trust ISRG Root X{1,2} in your app.

You can view an overview of free ACME CAs at ACME CA Comparison - Posh-ACME as already linked earlier.

E.g. the Buypass root (Buypass Class 2 Root CA) has been around since 2010, so might be included in Android as early as 2.3.0.

The ZeroSSL root AAA Certificate Services is even an older root, issued in 2004.

2 Likes