On September 30 at 17:01 Moscow time, the IdenTrust root certificate DST Root CA X3 expires. It was used to cross-sign the root certificate of the Let’s Encrypt certification authority (ISRG Root X1), a community-controlled CA that provides certificates free of charge to everyone. The cross-signature ensured that Let’s Encrypt certificates were trusted on a wide range of devices, operating systems and browsers while Let’s Encrypt’s own root certificate was still being added to root certificate stores.
It was originally planned that, once DST Root CA X3 expired, the Let’s Encrypt project would switch to signing with its own root certificate only, but such a step would lose compatibility with a large number of old systems that never added the Let’s Encrypt root certificate to their stores. In particular, approximately 30% of Android devices in use have no knowledge of the Let’s Encrypt root certificate; support for it appeared only in Android 7.1.1, released at the end of 2016.
Let’s Encrypt had not planned to conclude a new cross-signing agreement, since such an agreement imposes additional obligations on the parties, reduces their independence and binds them to comply with all the procedures and rules of another certification authority. But because of the potential problems on a large number of Android devices, the plan was revised. A new agreement was signed with the IdenTrust certification authority, which created an alternative cross-signed Let’s Encrypt intermediate certificate. The cross-signature will be valid for three years and keeps support for Android devices starting from version 2.3.6.
However, the new intermediate certificate does not cover many other legacy systems. After the DST Root CA X3 certificate expires on September 30, Let’s Encrypt certificates will no longer be accepted by unsupported firmware and operating systems; to restore trust in Let’s Encrypt certificates there, the ISRG Root X1 certificate must be added manually to the root certificate store. Problems will appear in:
- OpenSSL up to and including the 1.0.2 branch (maintenance of the 1.0.2 branch was discontinued in December 2019);
- NSS <3.26;
- Java 8 <8u141, Java 7 <7u151;
- Windows <XP SP3;
- macOS <10.12.1;
- iOS <10 (iPhone <5);
- Android <2.3.6;
- Mozilla Firefox <50;
- Ubuntu <16.04;
- Debian <8.
In OpenSSL 1.0.2 the problem is caused by a bug that prevents cross-signed certificates from being processed correctly once one of the root certificates involved in the signing expires, even though other valid chains of trust remain. The problem first surfaced last year after the expiry of the AddTrust certificate used for cross-signing in certificates of the Sectigo (Comodo) certification authority. The crux of the problem is that OpenSSL processed the certificate chain linearly, whereas under RFC 4158 the certification path can form a directed, distributed graph with cycles and several trust anchors, all of which need to be considered.
Users of older distributions based on OpenSSL 1.0.2 have three workarounds:
- Manually remove the IdenTrust DST Root CA X3 root certificate and install the standalone (not cross-signed) ISRG Root X1 root certificate.
- Specify the “-trusted_first” option when running the openssl verify and s_client commands.
- Use a server-side certificate chain that ends in the standalone ISRG Root X1 certificate rather than the cross-signed one. This method loses compatibility with old Android clients.
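To make the linear-versus-graph distinction above concrete, here is an added example, not code from the article, from Let’s Encrypt, IdenTrust or OpenSSL, that rebuilds the situation with Go’s crypto/x509 verifier, which performs RFC 4158-style path building over all candidate issuers. Every key, certificate and date (other than the expiry time the article gives) and the host name example.test are constructed stand-ins; the subject names DST Root CA X3, ISRG Root X1 and R3 are reused only as labels for the same roles. It assumes Go 1.18 or later for the small generic helper.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI holds constructed stand-ins for the certificates the article names; all are generated at run time.
type PKI struct {
	DSTRoot   *x509.Certificate // legacy root that expires at DSTExpiry
	ISRGRoot  *x509.Certificate // self-signed ISRG Root X1 stand-in
	ISRGCross *x509.Certificate // same subject and key as ISRGRoot, but issued by DSTRoot
	R3        *x509.Certificate // intermediate issued with the ISRG key
	Leaf      *x509.Certificate // server certificate for the constructed name example.test
}

// DSTExpiry is the expiry the article gives: 17:01 Moscow time on 30 September 2021 (14:01 UTC).
var DSTExpiry = time.Date(2021, 9, 30, 14, 1, 0, 0, time.UTC)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// template builds a CA or server template; CreateCertificate derives the SKI from the public key,
// so the cross-signed copy of a root carries the same SKI as the self-signed one, as in the real PKI.
func template(cn string, notBefore, notAfter time.Time, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		Subject: pkix.Name{CommonName: cn}, NotBefore: notBefore, NotAfter: notAfter,
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
	}
	return t
}

// issue signs tmpl for key pub with signer; passing tmpl as its own parent makes it self-signed.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.SerialNumber = must(rand.Int(rand.Reader, big.NewInt(1<<62)))
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// BuildPKI recreates the hierarchy: two root certificates for one ISRG key, R3 under it, a 90-day leaf under R3.
func BuildPKI() *PKI {
	dstKey, isrgKey, r3Key, leafKey := newKey(), newKey(), newKey(), newKey()
	d := func(y, m, day int) time.Time { return time.Date(y, time.Month(m), day, 0, 0, 0, 0, time.UTC) }
	dst := template("DST Root CA X3", d(2000, 9, 30), DSTExpiry, true)
	isrg := template("ISRG Root X1", d(2015, 6, 4), d(2035, 6, 4), true)
	p := &PKI{DSTRoot: issue(dst, dst, &dstKey.PublicKey, dstKey), ISRGRoot: issue(isrg, isrg, &isrgKey.PublicKey, isrgKey)}
	// The cross-sign: the same ISRG key certified by the legacy root, valid for three years as the article states.
	p.ISRGCross = issue(template("ISRG Root X1", d(2021, 1, 20), d(2024, 9, 30), true), p.DSTRoot, &isrgKey.PublicKey, dstKey)
	p.R3 = issue(template("R3", d(2020, 9, 4), d(2025, 9, 15), true), p.ISRGRoot, &r3Key.PublicKey, isrgKey)
	p.Leaf = issue(template("example.test", d(2021, 9, 1), d(2021, 11, 30), false), p.R3, &leafKey.PublicKey, r3Key)
	return p
}

// VerifyWith validates the leaf at time at against a store holding only the given roots and returns the length of
// the first chain found. Go walks the whole issuer graph, so an expired cross-signing root only kills that one path.
func VerifyWith(p *PKI, at time.Time, roots ...*x509.Certificate) (int, error) {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	interPool.AddCert(p.R3)
	interPool.AddCert(p.ISRGCross) // both intermediates, as a server sending the default Let's Encrypt chain would
	chains, err := p.Leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, CurrentTime: at, DNSName: "example.test"})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

// Scenarios runs the trust-store situations the article describes one day before and after expiry; 0 means rejected.
func Scenarios(p *PKI) map[string]int {
	before, after := DSTExpiry.Add(-24*time.Hour), DSTExpiry.Add(24*time.Hour)
	out := map[string]int{}
	out["ISRG root only, after expiry"], _ = VerifyWith(p, after, p.ISRGRoot)                // modern store
	out["DST root only, before expiry"], _ = VerifyWith(p, before, p.DSTRoot)                // legacy store, via the cross-sign
	out["DST root only, after expiry"], _ = VerifyWith(p, after, p.DSTRoot)                  // legacy store, now rejected
	out["DST and ISRG roots, after expiry"], _ = VerifyWith(p, after, p.DSTRoot, p.ISRGRoot) // the OpenSSL 1.0.2 trap: a valid path still exists
	return out
}

func main() {
	for name, n := range Scenarios(BuildPKI()) {
		fmt.Printf("%-34s chain length %d\n", name, n)
	}
}
```

The last scenario is the OpenSSL 1.0.2 situation: the store still contains the expired DST root, the server still sends the cross-signed intermediate, and a graph-walking verifier nevertheless finds the valid three-certificate path through ISRG Root X1, while a verifier that follows the chain linearly into the first (expired) anchor rejects the connection. Removing the expired root or asking OpenSSL to prefer trust-store certificates with -trusted_first, the first two workarounds above, both steer a linear verifier onto the surviving path.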
Separately, the Let’s Encrypt project has passed the milestone of two billion issued certificates. The one-billion milestone was reached in February of last year. 2.2-2.4 million new certificates are issued daily. There are 192 million active certificates (each valid for three months), covering about 260 million domains (195 million domains a year ago, 150 million two years ago, 60 million three years ago). According to Firefox Telemetry, the global share of page requests over HTTPS is 82% (81% a year ago, 77% two years ago, 69% three years ago, 58% four years ago).