by panarky 2627 days ago
I built an app that's used on thousands of Android devices in an industrial setting. Most of the devices were acquired last year.

Just tested with the new LE root cert and it doesn't work.

LE says "it's a CA problem, not a Let's Encrypt problem", but that's disingenuous.

Let's Encrypt chose to get cross-signed by a root that expires in a couple years.

For example, HN's root doesn't expire until 2038.

This is definitely a Let's Encrypt fuckup that will cause many sites and apps to break.


> I built an app that's used on thousands of Android devices in an industrial setting

If it's that important to you or if it's a commercial offering in an 'industrial setting', you should have no problems acquiring a cheap SSL certificate from another source. You can literally get them as low as $6 a year right now.

LE provides a great service and continues to do so. If you want to nitpick, then jump to a 'competitor'.

> If you want to nitpick, then jump to a 'competitor'

Sure, I can solve the problem by switching to a different CA, or by adding the ISRG root cert to each device.

But this is a problem that didn't need to happen. I blame myself for not anticipating it when I selected LE.

And I blame LE for cross-signing with a root cert that expires so soon. Not a good choice for a new CA that will take many years to be trusted on most devices.