Will Apple stop supporting Let's Encrypt?

magikweb · April 30, 2017, 11:50pm

Hello everyone!
In Canada, there is a Web host company that is popular in our region claiming that Let’s Encrypt’s SSL certificates are easy to break through and that Apple will stop supporting it in a future release of iOS. They tell their clients that information and we’ve had collateral damage on our end with clients questioning this fact.

Anyone heard about that? Or is it a scare tactic to earn additional clients since they don’t use the LE SSL?

I apologize if this topic should be elsewhere.

pfg · May 1, 2017, 12:17am

I’m not aware of any such plans. Both the ISRG and IdenTrust root certificate still are on the list of trusted roots.

Given that there are no public announcements and no posts on any of the mailing lists where Apple typically announces changes like that, I would say this is just FUD. Unfortunately, that web hosting company is not the first one to try something like this:

The only known incompatibility with Apple products that I’m aware of was with iTunes podcasts, where Apple’s backend software was unable to fetch feeds from HTTPS servers using a Let’s Encrypt certificate, presumably because they were using an older version of Java that didn’t include the IdenTrust root. However, this was fixed a couple of months ago on Apple’s end.

magikweb · May 1, 2017, 1:13am

Apparently, it has something to do with iOS 10. We were told to google “ios 10 let’s encrypt” and that we would find hundreds of links about it.

We found this one: https://discussions.apple.com/thread/7785431?start=0&tstart=0
But nothing else and I assume it could simply be because the target hosts didn’t install it properly?

danb35 · May 1, 2017, 2:01am

FWIW, between my wife and I, we have two iPhones and two iPads, both running iOS 10 (specifically, 10.3.1). My own server uses a Let’s Encrypt cert for web and email. None of those devices complain about it.

Osiris · May 1, 2017, 3:56am

The guy having problems with www.talk.peercoin.net is having problems, because the system administrator of www.talk.peercoin.net only got a certificate for talk.peercoin.net and just forgot to ask for a certificate for www.talk.peercoin.net… Not Let’s Encrypts fault

magikweb · May 1, 2017, 12:00pm

Thank you Osiris. I never had any issue myself, but getting more experiences/opinions will reinforce our push of the Let’s Encrypt certificate.

It’s important for us to know the real details from the source.
If they come up with anything else, I’ll let the community know (unless I find it in a different thread).

ahaw021 · May 1, 2017, 12:35pm

as @Osiris rightfully pointed out configuring websites correctly should be done by the website owners

Not really something apple or LetsEncrypt can help out with

one is a CA and the other is a device manufacturer

Andrei

schoen · May 1, 2017, 4:03pm

Hi @magikweb,

I think the host might have confused several different issues from different news reports, rather than intentionally misleading people. Right now there is no indication that Apple will stop accepting Let’s Encrypt certificates in the future.

tomicio · May 17, 2017, 6:44pm

Hi @magikweb

Are we talking about rapidnet here? Got similar claim from them too.

Can’t find any official Apple statement about it either. On the contrary, I found that they added let’s encrypt support to itunes: http://itunespartner.apple.com/en/podcasts/faq

magikweb · May 17, 2017, 7:07pm

Hello @tomicio,
You’re correct! It’s Rapidenet spreading disinformation through their clients.

JackLee · May 21, 2017, 6:58pm

Hope will not become a real nightmare

system · June 20, 2017, 6:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.