Is the Let's Encrypt root certificate in all Android bundles?

Let’s encrypt warns about upcoming breakage next year when many certificates will switch to their own root certificate instead of the cross-signed one. Mostly hit will be older Android users, which could also hit the older Android runtimes (e.g. Jolla1).

So, Jolla, I hope you have 3.6 with the new certificates ready until then :stuck_out_tongue:

3 Likes

also mentions he’s not sure if Sailfish won’t break. anyone clarify?

2 Likes

I did a post about that too last year. But didn’t they do a trick, that the root certificates last longer. I just remember that all versions underneath Android 7.0 would be useless without the certificates. So for my Xperia X device this would mean the end :frowning: :’(

Yes, they implemented a trick that will, under some circumstances, bypass the problem:

Because old Android devices don’t check the expiration date of a root certificate when they use it, Let’s Encrypt may be able to continue to chain down to the expired root certificate without any problem on those older devices.

But I’m not sure that applies. In theory, we should be safe, it was just the case that the author mentioned (yipee!) Sailfishos and I thought I’d flag it.

As a sysadmin, among other things, I’m watching this all the time, so I’ll report.

2 Likes