One of the largest providers of HTTPS certificates, Let’s Encrypt, will stop using an older root certificate next week — meaning you might need to upgrade your devices to prevent them from breaking. From a report: Let’s Encrypt, a free-to-use nonprofit, issues certificates that encrypt the connections between your devices and the wider internet, ensuring that nobody can intercept and steal your data in transit. Millions of websites alone rely on Let’s Encrypt.
But, as warned by security researcher Scott Helme, the root certificate that Let’s Encrypt currently uses — the IdentTrust DST Root CA X3 — will expire on September 30. After this, computers, devices and web clients — such as browsers — will no longer trust certificates that have been issued by this certificate authority. For the overwhelming majority of website users, there is nothing to worry about and September 30 will be business as usual. Older devices, however, could run into some trouble, much like they did when the AddTrust External CA Root expired back in May. Stripe, Red Hat and Roku all suffered outages as a result.
Read more of this story at Slashdot.