Some Mac and Android users are having website connection issues caused by expired Let’s Encrypt certificates

Reports are coming in that internet users who are running Mac devices or older Android devices are having connection issues on some sites they visit in most web browsers.

Mac users who experience the problem receive “your connection is not private” error messages with the error code NET :: ERR_CERT_DATE_INVALID.

Most web browsers on Mac devices, including Google Chrome and other Chromium web browsers, return error messages when users sign in to certain sites.

The issue is related to the expiration of the root certificate of Let’s Encrypt on September 30, 2021. Let’s Encrypt is a non-profit organization that has issued more than 2 billion certificates since its founding.

Certificates issued by an expired root certificate will no longer be trusted by clients. Let’s Encrypt tries to mitigate issues caused by root certificate expiration through a new cross-signed root certificate valid until September 30, 2024.

Let’s Encrypt has published lists of platforms that may be experiencing issues as of September 30, 2021, and which should not.

Older versions of Mac OS and iOS are on non-compatible lists along with older Linux distributions and some other older devices such as Android devices running Android 2.3.6 or earlier.

Known incompatible

  • Blackberry
  • Android
  • Nintendo 3DS
  • Windows XP before SP3
    • cannot handle SHA-2 signed certificates
  • Java 7
  • Java 8
  • Windows Live Mail (2012 email client, no webmail)
    • cannot handle certificates without CRL
  • ps3 game console
  • PS4 game console with firmware

Platforms that will no longer validate Let’s Encrypt certificates

  • macOS
  • iOS
  • Mozilla Firefox
  • Ubuntu> = precise / 12.04 and
  • Debian> = squeeze / 6 and
  • Java 8> = 8u101 and
  • Java 7> = 7u111 and
  • NSS> = v3.11.9 and
  • Amazon FireOS (Silk Browser) (version range unknown)
  • Cyanogen> v10 (version which added unknown ISRG X1 root)
  • Jolla Sailfish OS> v1.1.2.16 (version which added unknown ISRG X1 root)
  • Kindle> v3.4.1 (version which added unknown ISRG X1 root)
  • Blackberry> = 10.3.3 (version which added unknown ISRG X1 root)
  • PS4 game console with firmware> = 5.00 (version which added ISRG Root X1 unknown)

Newer versions of iOS or Mac OS should not be affected according to Let’s Encrypt, but it seems that the issue occurs on some newer versions as well.

Scott Helmes confirms that he is having issues on iOS 11, 13 and 14, and several versions of Mac OS that are “just a few minor versions behind” the current.

Helme created a test site for clients to test if the client is affected.

Workaround

It is not clear at this time if there is anything users can do about the issue on their end. One option that users have is to use Firefox, as it uses its own certificate store. Interrupted connections in the default browser used on the system should work in Firefox on the same system.

Now you: Have you experienced website connection issues related to certificates since September 30, 2021?

Summary

Some Mac and Android users are having website connection issues caused by expired Let's Encrypt certificates

Article name

Some Mac and Android users are having website connection issues caused by expired Let’s Encrypt certificates

The description

Reports are coming in that internet users who are running Mac devices or older Android devices are having connection issues on some sites they visit in most web browsers.

Author

Martin Brinkmann

Editor

Ghacks Technology News

Logo

Advertising



Source link

Steven L. Nielsen

Leave a Reply

Your email address will not be published. Required fields are marked *