Transition to ISRG's Root delayed until Jan 11 2021

[Edit September 2020: I’ve updated the change date in this post to refer to the current plan, to make it easier to find]

We’re going to delay the transition to ISRG’s root a little further, to January 11 2021. The patterns of Android adoption have not significantly improved since last year. According to numbers from Android Studio, only 66% of Android users are on version 7.1 or above, which includes ISRG’s root. Android 7.1 was released in August 2016. Most of the devices stuck on older versions of Android do not receive updates from their manufacturers.

Currently Let’s Encrypt certificates are trusted on older devices by virtue of our cross-signature from IdenTrust’s DST Root X3. That cross-signature expires March 17 2021. We plan to generate new intermediate certificates and get cross-signatures on them, but those cross-signatures will only be good until September 30 2021 at the latest. That’s when DST Root X3 itself expires.

After September 30 2021, Let’s Encrypt certificates won’t work on Android devices older than 7.1. So why not wait until then to change which root we recommend chaining to? We don’t expect the Android situation to change much in the coming year, which means sites that need support for older Android devices may need to switch CAs. We’d like to give those sites plenty of time to transition. But some of those sites probably won’t be aware of the need to transition until they start receiving reports of errors from their users. In 2020, the fix for such errors will be simple: The site can change which intermediate it serves in its certificate chain, and everything will work fine for another year. However, if a site doesn’t receive error reports until September 2021, it would be stuck with no quick fix and needing to change CAs entirely during an outage. That’s not good for anyone.

In the time between now and September 29 we plan to start serving certificates with the “alternate” link relation to allow ACME clients to programmatically select a chain they prefer. Big thanks to community member @_az for implementing this feature in Boulder. Also during this time we will be issuing new certificates, including new intermediates to be cross-signed. [Edit September 2020: We have done this]

Also, it’s worth noting that affected Android users will have the option of installing Firefox, which supports Android 4.1 and above. Firefox ships its own root store, which includes ISRG Root X1.

14 Likes

The "alternate" link relation for certificates is now live in production. If you're using Certbot, it supports this feature since 1.6.0 with the --preferred-chain flag. Thanks also to @_az for implementing the Certbot side of this change.

9 Likes
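As an added illustration (not code from Let's Encrypt, Boulder or Certbot), the snippet below mimics the two steps an ACME client performs when it honours a preferred chain: it parses the `rel="alternate"` Link entries on the certificate-download response (RFC 8555, section 7.4.2) and then picks the chain whose topmost certificate was issued by the preferred name, which is how Certbot's `--preferred-chain` matches. The ACME URLs and the chains are constructed sample data; real chains would be parsed from PEM.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the Link header an ACME server might return when the
# client downloads its certificate. The hostname/path are placeholders.
LINK_HEADER = (
    '<https://acme.example/directory>;rel="index", '
    '<https://acme.example/cert/abc123/1>;rel="alternate"'
)

LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')

def alternate_chain_urls(link_header: str) -> List[str]:
    """Return the URLs of every Link entry whose relation is "alternate"."""
    return [url for url, rel in LINK_RE.findall(link_header) if rel == "alternate"]

# Constructed chains keyed by where they were downloaded from. Each chain is a
# list of (subject CN, issuer CN) pairs, leaf first, as a client would obtain by
# parsing the PEM bundle. "default" is the chain served at the primary URL, which
# ends in the intermediate cross-signed by DST Root CA X3; the alternate chain
# ends in the intermediate signed directly by ISRG Root X1.
Chain = List[Tuple[str, str]]
CHAINS: Dict[str, Chain] = {
    "default": [("www.example.org", "R3"), ("R3", "DST Root CA X3")],
    "https://acme.example/cert/abc123/1": [
        ("www.example.org", "R3"),
        ("R3", "ISRG Root X1"),
    ],
}

def top_issuer(chain: Chain) -> str:
    """Issuer CN of the topmost certificate actually present in the chain."""
    return chain[-1][1]

def select_chain(chains: Dict[str, Chain], preferred: str) -> str:
    """Pick the first chain whose topmost certificate was issued by `preferred`;
    fall back to the default chain when no candidate matches (as Certbot does)."""
    for name, chain in chains.items():
        if top_issuer(chain) == preferred:
            return name
    return "default"

if __name__ == "__main__":
    print("alternates:", alternate_chain_urls(LINK_HEADER))
    print("chosen:", select_chain(CHAINS, "ISRG Root X1"))
```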

We’re delaying this transition one more time, to January 11, 2021. As we got closer to the switchover date, we realized we need to do more outreach to our subscribers first, to make sure no one is taken by surprise. To everyone who has already gotten ready for the switch, thank you!

We will still be making a smaller change to our issuing intermediate this fall. We’ll switch to using our just-issued R3 intermediate. However, that intermediate will be cross-signed by IdenTrust (just like our “Let’s Encrypt Authority X3” intermediate is), so compatibility with your site visitors will not change. Your ACME client should automatically download and configure the correct certificate chain with the next issuance after we make the change.

11 Likes