Millions of Devices and Sites Could Stop Working on Thursday


Internet connections for old devices may be about to expire for good in a few days' time.

It’s all a bit technical, but the long and the short of it is that a digital certificate used to verify internet security that was popular back in the day is about to expire.

On 30 September, one of the largest providers of HTTPS certificates, Let’s Encrypt, is going to stop using an old root certificate — which is not something you get after a hook up — and millions of devices and sites could be affected as they all rely on the company for secure internet connections.

Older MacBooks and iPhones are at risk, as well as consoles like the PlayStation 3 and Nintendo 3DS, some older smart TVs and set-top boxes. Basically, anything that requires a secure connection to a particular server could stop working.

Streaming platforms like Netflix, Stan and Binge require devices accessing their services to have a secure connection and it might also affect websites requiring secure login like emails and banks.

Why Is The Root Certificate Expiring?

Internet architecture requires constant updates to stay ahead of the latest security concerns. That’s not usually much of an issue for devices like smartphones and laptops that are updated automatically pretty regularly.

Security certificates are issued by something called a certificate authority that normally updates every so often along with new software. These are stored on the device as part of the operating system that allows your device to tell a server that it is you who is accessing it.

Periodically, these expire, as it’s anticipated that new certificates will come in to replace the old ones. Again, not usually much of a concern.

The root certificate that Let’s Encrypt currently uses is called the IdenTrust DST Root CA X3 and it expires on September 30 after being used since the year 2000. After this, computers, devices and web clients — such as browsers — will no longer trust certificates that have been issued by this certificate authority.

The reason that this is an issue is that devices that aren’t designed to update constantly likely won’t have updated to the new certificate authority. It’s not really anything that Let’s Encrypt have done, it’s just that this is how the internet works.
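For anyone who wants to see where a machine stands, the sketch below lists the root certificates in a trust store that have expired or are close to expiring. It is an added example, not code from Let’s Encrypt or Scott Helme; the function names, the 90-day warning window and the sample entries (including the year and time of day on the DST Root CA X3 entry) are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

def common_name(cert):
    """Subject CN (falling back to O) of a get_ca_certs()-style dict."""
    fields = {k: v for rdn in cert.get("subject", ()) for (k, v) in rdn}
    return fields.get("commonName") or fields.get("organizationName") or "<unnamed>"

def classify_roots(certs, now, warn_days=90):
    """Return (expired, expiring) lists of (name, whole_days_left) tuples.

    certs: dicts shaped like ssl.SSLContext.get_ca_certs() output.
    now:   timezone-aware datetime to compare against.
    """
    now_ts = now.timestamp()
    expired, expiring = [], []
    for cert in certs:
        # notAfter looks like "Sep 30 14:01:15 2021 GMT"
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        days_left = int((not_after - now_ts) // 86400)
        if not_after <= now_ts:
            expired.append((common_name(cert), days_left))
        elif days_left < warn_days:
            expiring.append((common_name(cert), days_left))
    by_days = lambda entry: entry[1]
    return sorted(expired, key=by_days), sorted(expiring, key=by_days)

# Constructed sample store, shaped like get_ca_certs() output (not real data).
SAMPLE_STORE = [
    {"subject": ((("organizationName", "Digital Signature Trust Co."),),
                 (("commonName", "DST Root CA X3"),)),
     "notAfter": "Sep 30 14:01:15 2021 GMT"},
    {"subject": ((("commonName", "Example Long-Lived Root"),),),
     "notAfter": "Jan  1 00:00:00 2035 GMT"},
]

def audit_system_store(now=None):
    """Classify the roots Python loads from the operating system's store.

    On some Linux setups get_ca_certs() is empty until a connection has
    been made, because roots in a directory store are loaded on demand.
    """
    ctx = ssl.create_default_context()
    return classify_roots(ctx.get_ca_certs(), now or datetime.now(timezone.utc))

if __name__ == "__main__":
    expired, expiring = audit_system_store()
    for name, days in expired:
        print(f"EXPIRED  {name} ({-days} days ago)")
    for name, days in expiring:
        print(f"EXPIRING {name} ({days} days left)")
```

An empty result from the system store means no roots were loaded, not that every root is healthy.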

Security researcher Scott Helme has been writing about this looming problem for a few years now and has a few extensive articles on his site that explain the issue in more detail.

While Let’s Encrypt and people like Helme have been working to try to figure out a solution, no one really knows how much of a problem it could be.

How to Fix Root Certificate Expiry

Thankfully there are a few options that could allow older devices to keep connected.

The Let’s Encrypt website has figured out a way to automatically update and extend the certificate authority for older Android devices until September 2024. The site claims that you don’t need to do anything and that the certificates issued from the device will still be recognised for at least another few years.

However, it’s bad news for Macs running macOS 10.12.0 or earlier as there has been no official update from Apple. The same applies to iPhones and iPads that cannot be updated past iOS 9.

PlayStation 3 and 4 consoles with firmware earlier than 5.00 will have issues, as will devices running Windows XP with Service Pack 2 or earlier. If possible, update these devices before Thursday to ensure there isn’t a problem.

Helme has suggested that if there are no updates for your device, you should try to install Firefox, as this browser doesn’t rely on the device’s operating system for security certificates and might be able to access certain sites.

For anything else that’s of the pre-2017 era, it may be time to upgrade to a new device as it’s unlikely they will work beyond Thursday.
