[Fradow]

Thank you for the tip.

The issue is not so much about the browser, as I'm an app editor (which happens to also sell tablets with our apps preinstalled to reduce friction). The issue is that apps that rely on the device certificate store aren't going to be able to use https with a server using a Let's Encrypt certificate issued with the new root CA.

Shipping a root certificate store would be (for my scale) a bad practice. I made the mistake of pinning a SSL key in the past, never again (you run into issues when your clients never even connect the device to the internet in 3+ years, and then your updater doesn't work anymore).

Fortunately for me, I don't currently use Let's Encrypt for my API servers, and that news was the last straw to make the boss decide we will stop selling Android 5 devices.

Unfortunately, this means our users who recently bought those devices will have some third-party apps might be broken starting 9th of July, and some sites will give a scary warning.