by blitblitblit 2017 days ago
Assuming you aren't able to update via a custom ROM on unsupported hardware, it should still be possible to import the new Root Cert on Android.

> System-installed certificates can be managed on the Android device in the Settings -> Security -> Certificates -> 'System'-section, whereas the user trusted certificates are managed in the 'User'-section there. When using user trusted certificates, Android will force the user of the Android device to implement additional safety measures: the use of a PIN-code, a pattern-lock or a password to unlock the device are mandatory when user-supplied certificates are used.

Source: http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26...

2 comments

You need root, the first command you enter is `su`, then you immediately make the /system partition writable (you can't do this without sudo). If you can't install a ROM like LineageOS you probably can't do this either.

There is no way to install a system root cert (user certs will not work in pretty much any app) without root, sadly.

An easier way for an Android end-user or an administrator of a small number of Android devices to deal with this is to switch from the built-in browser to Firefox Mobile, because it comes with its own root store which includes the ISRG root, even on an OS that doesn't know about that.

(This suggestion is provided in the ISRG post about this change -- https://letsencrypt.org/2020/11/06/own-two-feet.html#if-you-... -- and elsewhere on the Let's Encrypt community forum. If the IdenTrust root expiration ends up leading to much consternation among users and site operators, this might be good information to spread around more widely!)

It's possible to have a locked bootloader (so no unsigned OS), but still have vulnerabilities in the vendor OS image that allow rooting (on devices that are 4 years out of date this is pretty likely).
And I believe Google Chrome is moving to its own root certificate store, kind of like Mozilla Firefox.

https://www.ghacks.net/2020/11/02/google-chrome-will-use-its...