Let’s Encrypt’s root certificate expiry incident that happened on 30th September 2021

Internet goes down for millions!
1 October 2021

You might have seen the name “Let’s Encrypt” across the internet for the past week and it’s because their root certificate expires on 30th September. It’s been planned for a good long while, with Let’s Encrypt providing users with updates on the expiry and new certificate since 2020.

The expiration of a key digital encryption service on Thursday sent major tech companies nationwide scrambling to deal with internet outages that affected millions of online users.

Tech giants — such as Amazon, Google, Microsoft, and Cisco, as well as many smaller tech companies — were still battling with an endless array of issues by the end of the night. The problems were caused by the forced expiration of a popular digital certificate that encrypts and protects the connection between devices and websites on the internet. The certificate is issued by Let’s Encrypt, the largest issuer of such certificates in the world.

At least 2 million people have seen an error message on their phones, computers, or smart gadgets in the past 24 hours detailing some internet connectivity problems due to the certificate issue, according to Scott Helme, an internet security researcher and well-known cybersecurity expert.

“So many people have been affected, even if it’s only the inconvenience of not being able to visit certain websites or some of their apps not working,” Helme said.

“This issue has been going on for many hours, and some companies are only just getting around to fixing it, even big companies with a lot of resources. It’s clearly not going smoothly,” he added.



There was an expectation before the certificate expired, Helme said, that the problem would be limited to gadgets and devices bought before 2017 that use the Let’s Encrypt digital certificate and haven’t updated their software. However, many users faced issues on Thursday despite having the most cutting-edge devices and software on hand.

Who is Let’s Encrypt and what exactly do they do?

Let’s Encrypt is a non-profit certificate authority, widely used across the world. With their prime focus on providing all users with privacy on the internet, they offer their digital certificates for free allowing everyone to take advantage of an extra layer of security online.

Root certificate expiry explained

Let’s Encrypt’s previous root certificate expires as of 30th September, so it’ll no longer be valid. This means that any of your devices, web browsers, and so on that relied on Let’s Encrypt HTTPS certificates might require an update to the new root certificate that Let’s Encrypt has put in place.

This is what Let’s Encrypt had to say about the change:

“On September 30 2021, there will be a small change in how older browsers and devices trust Let’s Encrypt certificates. If you run a typical website, you won’t notice a difference – the vast majority of your visitors will still accept your Let’s Encrypt certificate. If you provide an API or have to support IoT devices, you might have to pay a little more attention to the change.”

Who might this affect?

It’s important to note that Let’s Encrypt’s certificate expiry won’t affect everyone; most people won’t be impacted at all! If you’re using an older Android device, however, Let’s Encrypt did announce back in May 2021 that they found a way for older Android devices to continue using sites that use these certificates:

“We’re happy to announce that we have developed a way for older Android devices to retain their ability to visit sites that use Let’s Encrypt certificates after our cross-signed intermediates expire. We are no longer planning any changes that may cause compatibility issues for Let’s Encrypt subscribers.”

Older versions of Mac and Windows could also be affected in the short term.

The historical impact of root certificate expiries

This isn’t the first time something like this has happened. Back in 2020, the AddTrust External CA Root expired, which caused a huge ripple across some of the biggest websites in the world, like Stripe, Roku, and hundreds more, as most were unprepared even though AddTrust, much like Let’s Encrypt, had also made numerous announcements.
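Both expiries above were announced well in advance, so the practical check is to audit the certificates you ship or trust before the date arrives. The shell functions below are an added example, not code from Let’s Encrypt or from the original article: they list every certificate in a PEM bundle (a trust store or a served chain) that expires within a given number of days. The function names and the `.example` subjects are hypothetical, and the sample bundle is made of throwaway self-signed certificates generated on the spot.

```shell
#!/usr/bin/env bash
# Added example: report certificates in a PEM bundle that expire within DAYS days.

# expiring_certs BUNDLE DAYS
# Prints "subject | notAfter" for every certificate in BUNDLE whose notAfter
# falls inside the window (certificates that have already expired included).
expiring_certs() {
    bundle=$1
    days=$2
    tmpdir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    for pem in "$tmpdir"/cert-*.pem; do
        [ -e "$pem" ] || continue
        # Skip blocks that do not parse as X.509 certificates.
        openssl x509 -in "$pem" -noout 2>/dev/null || continue
        # -checkend exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null; then
            subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
            end=$(openssl x509 -in "$pem" -noout -enddate | sed 's/^notAfter=//')
            printf '%s | %s\n' "$subject" "$end"
        fi
    done
    rm -rf "$tmpdir"
}

# make_sample_bundle FILE
# Writes two constructed, self-signed test roots to FILE: one valid for 7 days
# and one valid for 10 years. The subject names are hypothetical.
make_sample_bundle() {
    : > "$1"
    for spec in "short-lived-root.example:7" "long-lived-root.example:3650"; do
        openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
            -subj "/CN=${spec%%:*}" -days "${spec##*:}" 2>/dev/null >> "$1"
    done
}

# Demo: only the 7-day root is reported for a 30-day window.
demo_bundle=$(mktemp)
make_sample_bundle "$demo_bundle"
expiring_certs "$demo_bundle" 30
rm -f "$demo_bundle"
```

Pointed at a real bundle, a non-empty result is the list of certificates to replace before the window closes.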

For more information on Let’s Encrypt’s certificate expiry, head on over to their website or their forum!