Posted on September 30, 2021

Connection Issues – DST Root CA X3 Expiration – Let’s Encrypt Certificates

When you are surfing online, or checking your email, in 2021 most of these connections to either of these are done with a small data file that digitally binds a cryptographic key to the organization’s details by using a SSL (Secure Sockets Layer) to establish a secure connection. In plain language, this connection establishes an encrypted connection between the web browser and a web server. With this secure connection over https as opposed to http, this provides you a level of trust when you are potentially sending sensitive information like credit cards, usernames, passwords, emails, etc.

In the last five (5) years a not-for-profit organization called Let’s Encrypt has become the standard in issuing such SSL certificates with approximately 158 million sites using Let’s Encrypt of the 243 million active websites using an SSL, representing an astonishing 65% of the global market.

We at FullHost have been huge advocates for Let’s Encrypt as it has significantly increased the adoption rate of sites using SSLs and with their automated renewal process no longer requires you (or us) to reinstall SSL certificates. We are seeing adoption rates significantly higher than the 65% global rate.

Today, September 30, 2021, as was communicated by Let’s Encrypt back in May of this year is that there was a change to how older browsers and devices trust these certificates. The IdentTrust DST Root CA X3, the root certificate, was set to expire today. For the vast majority of us, the transition from this root certificate to its own ISRG Root X1 certificate which is valid until 2035, this will be a seamless process and one in which you will not even notice.

As we are seeing today, a number of our clients and their respective customers are experience issues due to the IdentTrust DST Root CA X3 expiry. The reason for this is that while modern browsers and devices recognize the new certificate, older browsers and devices, because they are either not updated or not getting software updates to be compatible with the newer technology, are causing warning and connection issues. This is similar to what happened in May of 2020, when the AddTrust External CA Root expired leaving organizations like Roku, Stripe, Spreedly with issues as a result.

What is FullHost Doing?

While we have, and continue to strongly support Let’s Encrypt and what they do, to ensure that we are able to support you even if you or your customers are using older technology, is that we are implementing a change from Let’s Encrypt SSL certificates to Sectigo certificates server side that will continue to support affected older devices by this certificate change with Let’s Encrypt. As of 17:00 PST today, we have switched over approximately 50% of of the domains on our network from Let’s Encrypt to Sectigo/Comodo. We will be continuing this process and expect all domains will be done within 24 hours. We are being slightly hampered with that as Sectico is experiencing timeouts as they are overwhelmed by the number of requests from around the world.

If you are facing issues on an unsupported email client, please change the email host name to the server host name which is already on a Sectigo certificate, and can as well connect through webmail (domain.com/webmail) to bypass this.

Affected Devices

  • Blackberry less than 10.3.3
  • macOS prior to 2016
  • iOS less than version 10
  • Windows XP (with Service Pack 3)
  • PlayStation 3 or 4 with firmware less than 5.00
  • Android 7.1.1 and earlier (of which some certificates have already expired)
  • Nintendo 3DS
  • Kindle less than 3.4.1
  • Amazon FireOS with Skill Browser

Leave a Reply

Your email address will not be published. Required fields are marked *

Trusted by Clients Across All Industries

Don’t take our word for it - let our happy clients do the talking. See More

Full Host did an amazing job of migrating my site seamlessly onto their server. My only regret was not switching my site over to them sooner. Now it is performing great, images are uploading way faster than ever before.

" Vancouver Sofa and Patio - Jerry Schmidt

Two thumbs up for Fullhost! Agents reply to me fairly quickly or at least let me know they received the ticket and are looking into it. Kudos to the support team as they have always given me exactly what I need without delays.

" Universal Staffing Inc. - Anthony Calvano

FullHost is an absolute pleasure to work with, and their customer service is exceptional. Whenever I have questions or need adjustments, they are there to help, quickly, efficiently, with answers and insights.

" Mooseworld Inc. Norine Leibel

With coast to coast coverage,
We help you serve the world.

Whether your audience is located in Europe, Asia, Africa, or Australia, provide them with lightening speed!

FullHost's data centers are located in Toronto and Vancouver to ensure worldwide quality and speed.

Get in Touch
We Trust Only The Best Tech to Support You

FullHost operates with the most innovative technology to bring you unparalleled levels of hosting services.