Fallout from upcoming Let's Encrypt certificate changes
As described in this Let'sEncrypt blog entry, certificates issued by Let's Encrypt will soon besigned solely by that organization's own root certificate, which isaccepted by all modern browsers. There is one little catch, though:versions of Android prior to 7.1.1 (released in late 2016) do not recognizethat certificate and will start throwing errors. "Currently, 66.2%of Android devices are running version 7.1 or above. The remaining 33.8% ofAndroid devices will eventually start getting certificate errors when usersvisit sites that have a Let's Encrypt certificate. In our communicationswith large integrators, we have found that this represents around 1-5% oftraffic to their sites." There appears to be little to be doneabout this problem other than to encourage owners of older Android devicesto install Firefox.