Let's Encrypt, a publicly trusted certificate authority (CA) used by Cloudflare to issue TLS certificates, relied on two distinct certificate chains. One was cross-signed with IdenTrust, a global trusted CA that has been around since 2000, and the other was Let's Encrypt's own root CA, ISRG Root X1. Since the launch of Let's Encrypt, ISRG Root X1 has progressively gained greater device compatibility.
On September 30, 2024, the Let's Encrypt certificate chain cross-signed with IdenTrust will expire. To proactively prepare for this change, on May 15, 2024, Cloudflare will stop issuing certificates from the cross-signed chain and will instead use Let's Encrypt's ISRG Root X1 chain for all future certificates.
The change in the certificate chain will affect legacy devices and systems, such as Android devices in version 7.1.1 or earlier, as these rely exclusively on the cross-signed chain and do not have the ISRG X1 root in their trust store. These customers may encounter TLS errors or warnings when accessing domains protected by a Let's Encrypt certificate.
According to Let's Encrypt, more than 93,9% of Android devices already trust ISRG Root X1, and this number is expected to increase in 2024, especially with the release of Android version 14, which makes the Android trust store easily and automatically upgradeable.
From the data analysis, we found that, of all Android requests, 2,96% come from devices that will be affected by the change. Additionally, only 1,13% of all requests from Firefox come from affected versions, meaning that the majority (98,87%) of requests from Android versions using Firefox will not be impacted.
Preparation for change
If you're worried that the change will affect your customers, there are some things you can do to reduce the impact of the change. If you control clients connecting to your application, we recommend updating the trust store to include ISRG Root X1. If you use certificate pinning, remove or update your pin. In general, we discourage all customers from pinning their certificates, as this usually leads to problems during certificate renewals or CA changes.
Certificate pinning, also known as HTTP Public Key Pinning (HPKP), is a security technique that allows websites to associate specific certificates or public keys with their domain, thus preventing man-in-the-middle attacks caused by fraudulent certificates. This process allows customers to verify whether the certificate presented by the server during a TLS/SSL connection is indeed among those that the site owner has designated as trusted. If the certificate or public key does not match the “pinned” ones, the connection is rejected, increasing security against certificate authority compromises or improper certificate issuance.
While this change will affect a small portion of customers, we support the transition Let's Encrypt is making as it supports a more secure and agile Internet.
Embrace change to move towards a better Internet
Looking back, there have been numerous challenges that have slowed the adoption of new technologies and standards that have helped make the Internet faster, more secure, and more reliable.
Before Cloudflare launched Universal SSL, free certificates were not available. Instead, domain owners had to pay around $100 to get a TLS certificate. For a small business, this is a significant cost and without browser enforcement of TLS, this has significantly hindered TLS adoption for years. Insecure algorithms took decades to be deprecated due to lack of support for new algorithms in browsers or devices. We learned this lesson by deprecating SHA-1.
Supporting new security standards and protocols is vital to continuing to improve the Internet. Over the years, big and sometimes risky changes have been made to keep us moving forward. The launch of Let's Encrypt in 2015 was monumental. Let's Encrypt has allowed every domain to obtain a TLS certificate for free, paving the way for a more secure Internet, with around 98% of traffic now using HTTPS.
In 2014, Cloudflare launched Elliptic Curve Digital Signature Algorithm (ECDSA) support for Cloudflare-issued certificates and decided to issue ECDSA-only certificates to free customers. This increased adoption of ECDSA by pushing customers and web operators to make changes to support the new algorithm, which provided the same (if not better) security as RSA while also improving performance. In addition, modern browsers and operating systems are now built to constantly support new standards, so they can deprecate old ones.
To move forward in supporting new standards and protocols, we need to make the Public Key Infrastructure (PKI) ecosystem more agile. By retiring the cross-signed chain, Let's Encrypt is pushing devices, browsers and customers to support adaptable trust stores. This allows customers to support new standards without causing radical change. It also lays the groundwork for new certificate authorities to emerge.
Today, one of the main reasons why the number of available CAs is limited is that it takes years for them to become widely trusted, that is, without cross-signing with another CA. In 2017, Google launched a new public trust CA, Google Trust Services, which issued free TLS certificates. Even though they launched a few years after Let's Encrypt, they faced the same device compatibility and adoption challenges, which led them to cross-sign with GlobalSign's CA. We hope that by the time GlobalSign's CA expires, almost all traffic will be coming from a modern client and browser, meaning the impact of the change should be minimal.