Come September 2021 and Android versions having software 7.1.1 (or older) might not be able to load more than 192 million websites currently running. This development could be the result of the long pertinent – Let’s Encrypt and IdenTrust partnership ending on September 2021. It all started in 2015 when Let’s Encrypt decided to make use of DST Root X3 cross-signed certificate (along with its own root certificate) from the certificate authority. Now they are only going to make use of the in-house ISRG Root X1 root certificate to validate websites.
The problem with old phones that are going to encounter this issue is the lack of update to the Android OS since 2016. Not only with websites but apps that fetch site links are also going to show security error loading on such phones.
Apparently, there are 34-percent of devices running on 7.1.1 or older versions, and it could turn into a major headache. Things aren’t looking good as Let’s Encrypt will stop cross-signing by default from January 11, 2021, to initiate the change, even though sites or services will get the option to continue generating cross-signed certificates.
The only workaround of this issue, for now, is by installing the Mozilla Firefox browser if you have an Android device that’s not been updated since 2016. The reason, Firefox makes use of its own root certificate for validating the websites. For now, the problem is in its early stage, and considering so many devices could be affected, sure there is going to be a seamless solution in the coming months.