Companies Face Issues as Let's Encrypt Root Certificate Expires

Published: 23/11/2024   Category: security



Experts warn devices will be affected after major HTTPS certificate provider Let's Encrypt saw its root certificate expire this week.



Many websites experienced issues this week following the expiration of a root certificate provided by Let's Encrypt, a free and open certificate authority (CA) used by millions of sites.
Let's Encrypt, which is part of the nonprofit Internet Security Research Group (ISRG), is a massive provider of HTTPS certificates: Last February, it issued its billionth certificate and announced it was serving nearly 192 million websites.
The expiry of IdenTrust DST Root CA X3 happened on Sept. 30; after this, computers, devices, and clients like Web browsers will no longer trust certificates that have been issued by this CA.
"If the root certificate that your certificate chain anchors on is expired then there's a good chance it's going to cause things to fail," writes Scott Helme, founder of Security Header, in a Sept. 20 blog post warning of the issue. This happened last May, he added, when the AddTrust External CA Root expired and caused problems for Roku, Stripe, and other organizations.
"Given the relative size difference between Let's Encrypt and AddTrust, I have a feeling that the IdenTrust root expiry has the potential to cause more problems," Helme says.
In most circumstances, a root CA expiration wouldn't generate a lot of conversation because the transition from an old root certificate to a new one is completely transparent, Helme writes. This expiry is causing problems because clients aren't regularly updated, and if that's the case, the new CA replacing the old one isn't downloaded onto the device.
In his blog post, he lists clients that will break after the IdenTrust DST Root CA X3 expires. These include versions of macOS older than 10.12.1, Windows versions older than XP Service Pack 3, iOS versions older than iOS 10, OpenSSL versions less than and including 1.0.2, and Firefox versions older than 50.
Helme told ZDNet that he had confirmed Palo Alto, Bluecoat, Cisco Umbrella, Google Cloud Monitoring, Auth0, Shopify, QuickBooks, and Fortinet were among the organizations experiencing issues following the expiration. In a tweet, Let's Encrypt advises those experiencing errors to check out the fixes in its community forum. It also notes it's seeing a higher than usual rate of renewals, so there might be a delay in getting your certificates.
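
To check a host for the condition Helme describes, a trust store that still anchors on an expired root, the following added example (not from the article, Helme's post, or Let's Encrypt) lists roots in a CA bundle that have expired or are close to expiry, using Python's standard `ssl` module. The sample entries, their names and dates, the `warn_days` threshold, and the bundle path argument are constructed assumptions.

```python
import ssl
import sys
import time

def load_roots(cafile):
    """Return the CA certificates in a PEM bundle as get_ca_certs() dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cafile)  # loading does not check expiry
    return ctx.get_ca_certs()

def audit_roots(ca_certs, now=None, warn_days=30):
    """Return (name, status, days_left) for expired or soon-to-expire roots."""
    now = time.time() if now is None else now
    findings = []
    for cert in ca_certs:
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        # subject is a tuple of RDNs, each a tuple of (field, value) pairs
        subject = dict(pair for rdn in cert["subject"] for pair in rdn)
        name = subject.get("commonName") or subject.get("organizationName", "?")
        days_left = int((not_after - now) // 86400)
        if days_left < 0:
            findings.append((name, "expired", days_left))
        elif days_left <= warn_days:
            findings.append((name, "expiring", days_left))
    return findings

# Constructed sample in the shape get_ca_certs() returns; names and dates are made up.
SAMPLE_ROOTS = [
    {"subject": ((("organizationName", "Example Trust Co"),),
                 (("commonName", "Example Legacy Root"),)),
     "notAfter": "Sep 30 12:00:00 2021 GMT"},
    {"subject": ((("commonName", "Example Current Root"),),),
     "notAfter": "Jun 04 11:00:00 2035 GMT"},
    {"subject": ((("organizationName", "Example Expiring Org"),),),
     "notAfter": "Oct 15 00:00:00 2021 GMT"},
]
SAMPLE_NOW = ssl.cert_time_to_seconds("Oct 01 00:00:00 2021 GMT")

if __name__ == "__main__":
    # With a path argument, audit that PEM bundle against the current time.
    if len(sys.argv) > 1:
        roots, now = load_roots(sys.argv[1]), None
    else:
        roots, now = SAMPLE_ROOTS, SAMPLE_NOW
    for name, status, days in audit_roots(roots, now):
        print(f"{status:9} {days:6d} days  {name}")
```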
