Why millions of mobiles, PCs, smart TVs and even Kindles or PS3s may be left without internet from today
Today you may have tried to access an internet service through an old device. If you’ve done it and it gave you a connection error, don’t be surprised: millions of devices —mobiles, Smart TVs, computers, and even consoles like the PS3— are exposed to a common problem: the expiration of a Let’s Encrypt security certificate.
This company is in charge of validating secure connections between our devices and websites or internet services, but today its IdenTrust DST Root CA X3 certificate expired. That is not a problem for most users with modern or updated devices, but things change if your mobile, smart TV or laptop runs an old operating system that has not been updated. In that case, it may be impossible for these devices to connect to the internet.
What are security certificates? They are small pieces of code that validate and encrypt the connections between our devices on the internet, thus guaranteeing that no one can snoop on these transmissions. Other entities also offer certificates, but Let’s Encrypt has become a benchmark, and now one of its most used certificates, IdenTrust DST Root CA X3, is expiring.
When will I notice that the internet is not working on my device? Each certificate has a validity start date and an expiration date, and in this case the certificate became valid on September 30, 2000 at 21:12:19 GMT (23:12:19 in mainland Spain) and expires on September 30, 2021 at 14:01:15 GMT (16:01:15 in mainland Spain).
But my computer is modern. If so, you don’t have to worry: the list of affected devices is made up of systems that are many years old. You will not notice anything if your computers run at least Windows XP SP3 or macOS 10.12.1 or higher; Windows XP is safe if you updated to Service Pack 3 (April 2008). In many cases we are talking about updates and operating system versions that appeared five years ago, in 2016. Thus, there are no problems for versions such as macOS 10.12.1, iOS 10, or Android 7.1.1 or higher (with some exceptions), which already included the new certificates.
Does this only affect computers and mobiles? No. Any device that makes secure internet connections and relies on this certificate may end up without access to the internet. Smart TVs and even the PlayStation 3 or PS4 could lose their internet connection if we have not updated their operating systems in the last 4 years. The same happens with Amazon Kindle e-book readers (they have to be updated to at least version 3.4.1 of their operating system). For example, clients such as web browsers will “no longer trust” those Let’s Encrypt certificates if they were the ones in use, but again that will be rare: if we have updated the browser at some point in the last few years (Firefox 50.0, released in November 2016, was already safe) we will have no problems.
It is not the first time this has happened. Certificates expire from time to time, and in fact in 2020 a certificate called AddTrust External CA Root expired and companies like Roku, Stripe, and even Red Hat had problems with their services. This time, however, it could be worse, because Let’s Encrypt issues more certificates (it has just celebrated the issuance of its two billionth certificate), and therefore more users, devices and companies could be affected if they continue to depend on the certificates that are now expiring.
Update or be left without internet. The only thing we can do to solve or avoid the problem is to update our device. There will be cases in which that is not possible, but we may at least be able to update, for example, Android phones from 6 or 7 years ago to Android 7.1.1. Let’s Encrypt already started the migration to the ISRG root certificate in 2019, and that certificate, the cross-signed ISRG Root X1, which is now on many computers, will not expire until September 30, 2024.
Beware of OpenSSL. If you are a company or entrepreneur with an internet service that depends on OpenSSL, be careful: Let’s Encrypt indicates that if your software depends on OpenSSL 1.0.2, it is advisable to make some modifications, which basically consist of removing the DST Root CA X3 root certificate and then adding ISRG Root X1. They explain everything on their official website.
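Why removing DST Root CA X3 from the trust store helps, shown as an added example (not code from the article or from Let's Encrypt). It is a simplified model that assumes a legacy verifier follows the server-sent chain before consulting its trust store; the `R3` intermediate, the `example.test` leaf and all dates other than the two expiry dates quoted in the article are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime

# The DST Root CA X3 and cross-sign expiry dates are the ones given in the article;
# R3, example.test and every other date are constructed sample values.
DST_ROOT = Cert("DST Root CA X3", "DST Root CA X3", datetime(2021, 9, 30, 14, 1, 15, tzinfo=UTC))
ISRG_SELF = Cert("ISRG Root X1", "ISRG Root X1", datetime(2035, 6, 4, tzinfo=UTC))
ISRG_CROSS = Cert("ISRG Root X1", "DST Root CA X3", datetime(2024, 9, 30, tzinfo=UTC))
R3 = Cert("R3", "ISRG Root X1", datetime(2025, 9, 15, tzinfo=UTC))
LEAF = Cert("example.test", "R3", datetime(2021, 12, 1, tzinfo=UTC))
SENT = [R3, ISRG_CROSS]  # intermediates the server sends along with the leaf

def build_chain(leaf, sent, store, trusted_first):
    """Return a chain ending in a trust-store root, or None if none is reachable."""
    chain, pool = [leaf], {c.subject: c for c in sent}
    while True:
        anchor = store.get(chain[-1].issuer)
        if trusted_first and anchor:
            return chain + [anchor]       # stop at the first trusted issuer
        nxt = pool.pop(chain[-1].issuer, None)
        if nxt:
            chain.append(nxt)             # legacy order: follow server-sent certs first
        elif anchor:
            return chain + [anchor]
        elif len(chain) > 1:
            chain.pop()                   # dead end: back up and retry from the store
        else:
            return None

def verifies(store_certs, when, trusted_first=False):
    """Name and expiry checks only; signatures and notBefore are left out of the model."""
    store = {c.subject: c for c in store_certs}
    chain = build_chain(LEAF, SENT, store, trusted_first)
    return chain is not None and all(when <= c.not_after for c in chain)

if __name__ == "__main__":
    after = datetime(2021, 10, 1, tzinfo=UTC)
    print("legacy, both roots:      ", verifies([DST_ROOT, ISRG_SELF], after))
    print("legacy, DST root removed:", verifies([ISRG_SELF], after))
    print("trusted-first, both:     ", verifies([DST_ROOT, ISRG_SELF], after, True))
```

In this model a store that holds only DST Root CA X3 fails after the expiry under either strategy, which corresponds to the old, never-updated devices the article describes.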
More information | Let’s Encrypt