Home » Technology » Lets Encrypt’s Root Certification To Expire Soon

Lets Encrypt’s Root Certification To Expire Soon

Root Certificate

A root certificate will expire in a few days, on the basis of which the Let’s Encrypt service worked for a long time. Users will have to expect that communication between different devices and services will be disrupted as a result.

Crypto certificates are based on a chain of trust and ultimately go back to a few root certificates. However, this also means that all of them become invalid and can no longer be classified as trustworthy if the root certificate loses its validity. This will now happen on September 30th, when the “IdentTrust DST Root CA X3”, on which all Let’s Encrypt certificates were based for a long time, will expire.

The organization has been issuing certificates based on a newer root for a while. Accordingly, it can be assumed that in most cases simply nothing of the matter will be noticed. In particular, if users with reasonably up-to-date browsers access websites that are regularly maintained, the old certificates should no longer play a role.

The situation is different, for example, with Internet communication between devices that have not received any updates for a long time. This was pointed out by security researcher Scott Helme. This can either result in warnings that the connection is not trustworthy. And complete dropouts are also possible.

Helme referred to the situation when an AddTrust root certificate expired in May. At that time there were failures at Red Hat and Roku, among others. The security researcher assumes that there will be significantly more problems in the case of Let’s Encrypt since a large number of providers of services in the network have actually resorted to the certificates of this provider.

Specifically, it will affect users who are still using Windows XP or macOS from before 2016, for example. Newer operating systems may have received an update at some point. Apart from the PC, however, there can still be many embedded systems that are not equipped with halfway new certificates.