Dozens of websites and services reported issues late last month thanks to the expiration of a root certificate provided by Let’s Encrypt, one of the largest providers of HTTPS certificates.
Let’s Encrypt and other researchers had long warned that the IdentTrust DST Root CA X3 would expire on September 30, and many platforms did heed the calls and updated their systems. But a few did not, causing a minor kerfuffle as users questioned why some of their favorite sites were not working as well as they should.
Scott Helme, the founder of Security Headers, told ZDNet that he confirmed issues with Palo Alto, Bluecoat, Cisco Umbrella, Catchpoint, Guardian Firewall, Monday.com, PFsense, Google Cloud Monitoring, Azure Application Gateway, OVH, Auth0, Shopify, Xero, QuickBooks, Fortinet, Heroku, Rocket League, InstaPage, Ledger, Netlify and Cloudflare pages, but noted that there may have been more that went unreported.
Millions of websites rely on the services provided by Let’s Encrypt, which operates as a free non-profit that makes sure the connections between your device and the internet are secure and encrypted.
Without them, some older devices will no longer be able to verify certain certificates.
Josh Aas, executive director of the Internet Security Research Group