Certificates are how a website proves its identity to a browser, and they are what makes HTTPS work at all. They are issued by certificate authorities (CAs) whose root certificates ship in the trust stores of browsers and operating systems. In practice this means that certificates issued by those CAs are trusted automatically, so a website does not have to seek approval from each and every browser out there.
Let’s Encrypt is a non-profit CA that sets out to make getting a trusted certificate easier and cheaper for websites. Its own root, ISRG Root X1 (run by the Internet Security Research Group), was too new to be in most trust stores when the CA launched, so it started out relying on a cross-signature from IdenTrust’s long-established DST Root CA X3. It has since moved to chaining directly to ISRG Root X1. Normally that change would be seamless and uneventful, as most browsers and operating systems added ISRG Root X1 long ago. That’s not the case, however, for older software, especially older Android phones.
Let’s Encrypt warned last month that phones running Android versions prior to 7.1.1 could have much of their Internet use broken by this change. Those phones were never updated to trust the newer root certificate, so they would be flooded with warnings, or simply fail to load websites, once the older DST Root CA X3 expires next year. Fortunately, IdenTrust has agreed to extend the DST Root CA X3 to ISRG Root X1 cross-sign by another three years, even though its own root certificate expires before then. That works because Android does not enforce the expiry date of a certificate it holds as a trust anchor, so a chain that ends in the expired DST Root CA X3 still validates on those phones.
All this means is that the older Android phones, which still make up about a third of the Android market, won’t have anything to worry about until 2024. The disruptive change will still happen eventually but, by then, these phones will probably be long gone.
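To make the cross-signing mechanism concrete, here is a small shell lab added for this page. It is not Let’s Encrypt’s or IdenTrust’s tooling, and the certificate names, key types and validity periods are constructed stand-ins chosen to mirror the article: an old root that expires first, a new root, and a cross-signed copy of the new root’s key that outlives the old root. It then checks the chain a server would send against each trust anchor with OpenSSL’s verifier, before and after the old root expires. It needs OpenSSL 1.1.1 or newer and runs entirely offline.

```shell
#!/bin/sh
# Cross-signing lab: constructed example, not Let's Encrypt's or IdenTrust's
# real hierarchy. Names, key types and validity periods are assumptions chosen
# to mirror the article: an old root that expires first, a new root, and a
# cross-signed copy of the new root's key that outlives the old root.
# Requires OpenSSL 1.1.1 or newer; makes no network connections.
set -e

# Extension file shared by every CA certificate below.
ca_exts() { # path
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1"
}

build_lab() { # directory to populate
    d="$1"
    ca_exts "$d/ca.ext"
    for n in old new r3 leaf; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$d/$n.key" 2>/dev/null
    done
    # Old root (stand-in for DST Root CA X3): self-signed, expires in ONE day.
    openssl req -new -key "$d/old.key" -subj "/CN=Lab Old Root" -out "$d/old.csr" 2>/dev/null
    openssl x509 -req -in "$d/old.csr" -signkey "$d/old.key" -days 1 \
        -extfile "$d/ca.ext" -out "$d/old.crt" 2>/dev/null
    # New root (stand-in for ISRG Root X1): self-signed, long-lived.
    openssl req -new -key "$d/new.key" -subj "/CN=Lab New Root" -out "$d/new.csr" 2>/dev/null
    openssl x509 -req -in "$d/new.csr" -signkey "$d/new.key" -days 3650 \
        -extfile "$d/ca.ext" -out "$d/new.crt" 2>/dev/null
    # Cross-sign: the SAME CSR (same key, same subject) issued by the old root,
    # and valid for longer than the old root itself (the IdenTrust extension).
    openssl x509 -req -in "$d/new.csr" -CA "$d/old.crt" -CAkey "$d/old.key" \
        -CAcreateserial -days 1095 -extfile "$d/ca.ext" -out "$d/new-cross.crt" 2>/dev/null
    # Intermediate (stand-in for R3), issued with the new root's key.
    openssl req -new -key "$d/r3.key" -subj "/CN=Lab R3" -out "$d/r3.csr" 2>/dev/null
    openssl x509 -req -in "$d/r3.csr" -CA "$d/new.crt" -CAkey "$d/new.key" \
        -CAcreateserial -days 1825 -extfile "$d/ca.ext" -out "$d/r3.crt" 2>/dev/null
    # End-entity certificate for a (constructed) website name.
    openssl req -new -key "$d/leaf.key" -subj "/CN=lab.example" -out "$d/leaf.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:lab.example\n' > "$d/leaf.ext"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/r3.crt" -CAkey "$d/r3.key" \
        -CAcreateserial -days 90 -extfile "$d/leaf.ext" -out "$d/leaf.crt" 2>/dev/null
    # What a server sends next to the leaf when it serves the cross-signed
    # chain: R3 plus the cross-signed new root. Self-signed roots are never sent.
    cat "$d/r3.crt" "$d/new-cross.crt" > "$d/served-chain.pem"
}

# Verify the leaf against ONE trust anchor using the served chain, at the
# current time or (optionally) at a simulated epoch time. Prints ok or fail.
verify_at() { # trust_anchor chain_pem leaf_crt [epoch_seconds]
    anchor="$1"; chain="$2"; leaf="$3"; when="${4:-}"
    if openssl verify ${when:+-attime $when} -CAfile "$anchor" \
        -untrusted "$chain" "$leaf" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

LAB=$(mktemp -d)
build_lab "$LAB"
CHAIN="$LAB/served-chain.pem"; LEAF="$LAB/leaf.crt"
LATER=$(( $(date +%s) + 3 * 86400 ))   # three days out: the old root has expired by then

echo "old root, today:    $(verify_at "$LAB/old.crt" "$CHAIN" "$LEAF")"          # ok
echo "old root, +3 days:  $(verify_at "$LAB/old.crt" "$CHAIN" "$LEAF" "$LATER")" # fail
echo "new root, +3 days:  $(verify_at "$LAB/new.crt" "$CHAIN" "$LEAF" "$LATER")" # ok
```

OpenSSL enforces the validity dates of the trust anchor itself, so the second check fails exactly the way a strict client does once the old root has expired, while a client that already trusts the new root never even looks at the cross-signed certificate. Android versions before 7.1.1 skip that date check on their trust anchors, which is why the extended cross-sign keeps those phones working past the expiry. Against a real site the same inspection is `openssl s_client -connect host:443 -showcerts`, followed by `openssl verify` with the chain it prints.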