Let's Encrypt - Change for older browsers/devices???

[tekguru]

I received the following email from Let's Encrypt today:

Hello from the staff at Let's Encrypt.

On September 30, there will be a change in how older browsers and
devices trust Let's Encrypt certificates, resulting in a minor decrease
in compatibility. If you run a typical website, you won't notice a
difference. Devices and browsers running up-to-date software will
continue working fine, and we've taken steps to make sure the vast
majority of older devices will too. If you run a large website, or need
to support less common software (particularly non-browser software),
you'll want to read about the details at:

DST Root CA X3 Expiration (September 2021) - Let's Encrypt

In either case, no action is required from you. We're letting you know
so you can provide answers to any questions your site visitors may have.

Here is a sample hostname from one of your current Let's Encrypt
certificates: forum.t3kk.com

Since 2015 we've served the world with 1.6 billion free certificates,
each one providing security and privacy to people on the Web. It's work
that's 100% funded by charitable donations since we are a nonprofit. If
your company is interested in sponsorship, please email
[email protected]. If you can make a donation, we ask that you
consider supporting our work today: Donate - Let's Encrypt
Thank you.

- The Let's Encrypt team

I'm sure this will not affect my running the forum on the NAS, but thought others on here might be interested in what they are saying?

 

[Rusty]

I received the following email from Let's Encrypt today:



I'm sure this will not affect my running the forum on the NAS, but thought others on here might be interested in what they are saying?

This is classic "heads-up" when main root certs from a CA such as LE in this happens. The point is that if you want your "clients" to trust LE certs issues by a new root CA they have to have its cert as trusted. So that all certificates issued under that CA in the chain will be flagged as "green/trusted".

It will be fine as long as you have all your certs up to date and are not using old browsers and devices that do not trust this new root CA.

 

[tekguru]

Yep they are all up to date and should auto-renew?

 

[Rusty]

Yep they are all up to date and should auto-renew?

Your forum.t3kk.com cert will still continue to renew (and should be up to date), but if your visitors to your forum, are not using an up-to-date device/browser that will support the new root CA, that's where the problems will actually happen.

You got this info as an "owner" of the cert so they are just giving you a heads up what will happen so that when a forum user of yours starts crying that the forum is not working as it should over HTTPS, you will probably guess that his/her device/browser does not trust the new root ca and by proxy your forum cert.

 

[tekguru]

Ah ha right I'm with you, now, in that case I'll not worry as it's a very small private forum and we're all techies So browsers should be up to date.....