Will Apple stop supporting Let's Encrypt?


#1

Hello everyone!
In Canada, there is a Web host company that is popular in our region claiming that Let’s Encrypt’s SSL certificates are easy to break through and that Apple will stop supporting it in a future release of iOS. They tell their clients that information and we’ve had collateral damage on our end with clients questioning this fact.

Anyone heard about that? Or is it a scare tactic to earn additional clients since they don’t use the LE SSL?

I apologize if this topic should be elsewhere.


#2

I’m not aware of any such plans. Both the ISRG and IdenTrust root certificate still are on the list of trusted roots.

Given that there are no public announcements and no posts on any of the mailing lists where Apple typically announces changes like that, I would say this is just FUD. Unfortunately, that web hosting company is not the first one to try something like this:

The only known incompatibility with Apple products that I’m aware of was with iTunes podcasts, where Apple’s backend software was unable to fetch feeds from HTTPS servers using a Let’s Encrypt certificate, presumably because they were using an older version of Java that didn’t include the IdenTrust root. However, this was fixed a couple of months ago on Apple’s end.


#3

Apparently, it has something to do with iOS 10. We were told to google “ios 10 let’s encrypt” and that we would find hundreds of links about it.

We found this one: https://discussions.apple.com/thread/7785431?start=0&tstart=0
But nothing else and I assume it could simply be because the target hosts didn’t install it properly?


#4

FWIW, between my wife and I, we have two iPhones and two iPads, both running iOS 10 (specifically, 10.3.1). My own server uses a Let’s Encrypt cert for web and email. None of those devices complain about it.


#5

The guy having problems with www.talk.peercoin.net is having problems, because the system administrator of www.talk.peercoin.net only got a certificate for talk.peercoin.net and just forgot to ask for a certificate for www.talk.peercoin.net… Not Let’s Encrypts fault :wink:


#6

Thank you Osiris. I never had any issue myself, but getting more experiences/opinions will reinforce our push of the Let’s Encrypt certificate. :smile:

It’s important for us to know the real details from the source.
If they come up with anything else, I’ll let the community know (unless I find it in a different thread).


#7

as @Osiris rightfully pointed out configuring websites correctly should be done by the website owners

Not really something apple or LetsEncrypt can help out with

one is a CA and the other is a device manufacturer

Andrei


#8

Hi @magikweb,

I think the host might have confused several different issues from different news reports, rather than intentionally misleading people. Right now there is no indication that Apple will stop accepting Let’s Encrypt certificates in the future.


#9

Hi @magikweb

Are we talking about rapidnet here? Got similar claim from them too.

Can’t find any official Apple statement about it either. On the contrary, I found that they added let’s encrypt support to itunes: http://itunespartner.apple.com/en/podcasts/faq


#10

Hello @tomicio,
You’re correct! It’s Rapidenet spreading disinformation through their clients.


#11

Hope will not become a real nightmare


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.