I was eating breakfast with a multitude of Android phones around me and four "older ones" could not access that site. The oldest that could connect was ~5 months old, all using new Mobile Chrome versions.
The reality is, for a bunch of usecases, you're gonna need to support 15 plus year old devices.
So Windows XP...
There are a lot of old systems out there running API's, automation, industrial systems, etc. They never get updates, and are expected to last decades. Most of them aren't on the public internet, but HTTPS would still be a good idea. This change is going to mean a bunch of them just get changed over to having no encryption.
Work for a university. We have a number of students in Africa, southeast Asia, and eastern Europe taking online courses. We do not support Windows XP or Vista, except for in the case of these students. Some of these guys don't have the resources for anything else.
I also know that we get a number of students connecting with Android v3 or earlier from these same locales.
Most industrial devices and even consumer kiosks probably access sites that are under the control of the device's owner or manufacturer. So the sites can just use self-signed certificates in the first place.
Or, for industrial use a hundred bucks on a certificate from an older CA is nothing.
Or, as 'vbezhenar hinted at elsewhere, the operators of the systems can distribute and install the ISRG root certificate to the devices that need them.
> I built an app that's used on thousands of Android devices in an industrial setting
If its that important to you or if its a commercial offering in an 'industrial setting', you should have no problems acquiring a cheap SSL certificate from another source. You can literally get them as low as $6 a year right now.
LE provides a great service and continues to do so. If you want to nitpick, then jump to a 'competitor'.
> If you want to nitpick, then jump to a 'competitor'
Sure, I can solve the problem by switching to a different CA, or by adding the ISRG root cert to each device.
But this is a problem that didn't need to happen. I blame myself for not anticipating it when I selected LE.
And I blame LE for cross-signing with a root cert that expires so soon. Not a good choice for a new CA that will take many years to be trusted on most devices.
So Windows XP...
There are a lot of old systems out there running API's, automation, industrial systems, etc. They never get updates, and are expected to last decades. Most of them aren't on the public internet, but HTTPS would still be a good idea. This change is going to mean a bunch of them just get changed over to having no encryption.