The root certificate on which Let’s Encrypt, a non-profit organization that grants free TLS certificates, relied, will expire in September next year, causing terminals that have not been updated since 2016, that is, those with Nougat or lower , do not accept it as valid. Due, will receive errors when opening web pages that are signed with these certificates.
This is the bad news, although the good news is that there are still about 10 months left in which the new versions of Android should continue to progress and that, when the time comes, there is an easy way to continue browsing the web: use Firefox for Android instead of the pre-installed browser.
Coming in 2021: certificate errors
Let’s Encrypt has explained the situation in a blog post. When they started award free certificates five years ago, they reached an agreement with IdenTrust to use their root certificate, thus being able to start operating immediately, without having to wait for each operating system to accept its own root certificate, something that can take years.
Five years later, Let’s Encrypt already has its own root certificate, but the IdenTrust certificate will expire in September 2021, causing mobiles that do not update from Android Nougat to not accept it as valid. In practice, this means that when trying to open a page that depends on this certificate, an invalid certificate error will be displayed.
It’s not the apocalypse – it will happen on a few web pages and can be fixed using Mozilla Firefox instead of the pre-installed browser
In fact, it is not entirely unusual: if you have revisited an old Android phone, you may have received certificate errors when using the pre-installed browser, since the root certificates that were included in the mobile have expired. The difference is that this time we are pre-advised, and that Android Nougat does not sound so old to us, despite being four years old.
Google has not updated distribution data since April, and at that time Android Nougat was at 12.9% of devices. Nougat and previous versions combined assumed 39.2% of active devices. Today the figure should be lower, and is expected to decline further by September 2021.
Of course, if when the time comes you still have a mobile with Nougat or lower and you come across a web page with an expired certificate, the solution is easy: use Firefox for Android. Unlike most web browsers, Firefox includes its own list of accepted root certificates, instead of using the ones pre-installed on the system. In this way, a modern version of Mozilla Firefox will be able to continue loading web pages that stop loading on mobile phones with Nougat or lower.