Thursday, September 30, 2021

Reminder: DST Root CA X3 Certificate Expiration Today

I saw this making the rounds on IRC and in the news, so I thought I should provide a similar notice as Techtronix uses Let's Encrypt for the certificates used for TLS on the network.

From the Let's Encrypt blog post covering this issue:
DST Root CA X3 will expire on September 30, 2021. That means those older devices that don’t trust ISRG Root X1 will start getting certificate warnings when visiting sites that use Let’s Encrypt certificates. There’s one important exception: older Android devices that don’t trust ISRG Root X1 will continue to work with Let’s Encrypt, thanks to a special cross-sign from DST Root CA X3 that extends past that root’s expiration. This exception only works for Android.
Techtronix itself has used Let's Encrypt for quite a while and most users run reasonably modern systems so I do not expect this change to affect anyone, but it would not hurt to make an announcement post.

If you are affected by this change, there are some options, although they are not all useful. The most obvious option is to upgrade your system's operating system. If this is not possible, some browsers bundle their own certificate stores outside of what is installed in the operating system, so accessing IRC from a browser may be possible. Connection options for Techtronix are covered in the wiki.

No comments:

Post a Comment