Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

302

• (edited )

NOT AGAIN!!! 10% of Internet to go offline soon! Let's Encrypt HTTPS ROOT certificates built deep inside most OSes all go dead Sept 30th 2021 for All internet able devices made since 2001 and 2 years ago, or turned off for 2 years and not OS updated. Hundreds of millions of users screwed that week. (scotthelme.co.uk)

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

https://news.ycombinator.com/item?id=28596317

All the stuff in your house will break soon, including half your spying devices.

10% of earths devices are fucked, especially for remote updates.

THESE are all fucked, deep in OS :

Windows XP SP2
Windows XP SP1
Windows XP SP3 if Automatic Root Certificate Update is manually disabled
macOS 10.12.0 (2016) and older macOS
Mac OSX 10.11.0 (September 30, 2015) and older Mac OSX
iOS 9 on iPads
iOS 8 or older on iPads
iPhone 4 or older Millions of old Apple Devices used as Wifi browsers and Phones
(iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X)
Android 7.1.0 or older for SOME fucntions.
(Android >= 2.3.6 will work by default for some web sites, but SSL is not just for web sites)
Mozilla Firefox 49.X or older
Ubuntu < xenial (< 16.04 even with updates applied)
Debian < jessie "8" (even with updates applied)
Java 8 ? if hacked to 8u141 is OK, else Java 8 is fucked
Java 7 ? if hacked to 7u151 is OK, else Java 7 is fucked
NSS < 3.26 is fucked

This mainly affects poor people and Pajeets and Africans, but a year ago affected Roku and Stripe internet devices, so who knows what spy devices in your house all fail october 1st.

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/ https://news.ycombinator.com/item?id=28596317 All the stuff in your house will break soon, including half your spying devices. 10% of earths devices are fucked, especially for remote updates. THESE are all fucked, deep in OS : - Windows XP SP2 - Windows XP SP1 - Windows XP SP3 if Automatic Root Certificate Update is manually disabled - macOS 10.12.0 (2016) and older macOS - Mac OSX 10.11.0 (September 30, 2015) and older Mac OSX - iOS 9 on iPads - iOS 8 or older on iPads - iPhone 4 or older Millions of old Apple Devices used as Wifi browsers and Phones - (iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X) - Android 7.1.0 or older for SOME fucntions. - (Android >= 2.3.6 will work by default for some web sites, but SSL is not just for web sites) - Mozilla Firefox 49.X or older - Ubuntu < xenial (< 16.04 even with updates applied) - Debian < jessie "8" (even with updates applied) - Java 8 ? if hacked to 8u141 is OK, else Java 8 is fucked - Java 7 ? if hacked to 7u151 is OK, else Java 7 is fucked - NSS < 3.26 is fucked This mainly affects poor people and Pajeets and Africans, but a year ago affected Roku and Stripe internet devices, so who knows what spy devices in your house all fail october 1st.

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (16).

[–] • 2 pts

(edited )

Kind of... the HTTPS remote sites will have to pay to use competing brand of certs avoiding the expired ROOT LEVEL CERT in the operating system of the USER! Using updated version of this root cert will be of no use and is embedded deep into operating system.

Its a USER problem. Not a simple web server fix.

coding defects in SSL chain logic make these 2001 "almost immortal" root certs very problematic after sept 30 2021

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

Pandemonium :

https://news.ycombinator.com/item?id=28596317

if you read all the info this day you will see how this is a huge problem, especially for devices and os images that have been turned off dormant for 2 years, or incapable of kernel level OS updates.

Arrrrrrrrgh!!!! Idiocy.

My Solution!

Solution is never mentioned EVER, by any of these low IQ IT writers, but the trick I use is to disable all external clock updates, force time to BEFORE Sept 2021, and then connect to internet and patch or install signed patches... with clock set invalid. Every compiler ever made by apple had dead certs hidden in installers. Apple had to hack and revise over 12 years of compiler installer tools and slip them online this year for similar issue.

Android 7 ? fucked Android 6 ? fucked Android 5 ? fucked Older iOS? fucked everything in your house with little WiFi chips? fucked.

The Sky is Falling, and hundreds of millions of Pajeets and Africans will be crying Sept 30th 2021

parent
link

[–] • 0 pt

Is it? Most systems will use self signed certificates because the web https system is broken. It is not hard to be your own certificate authority except for webpage certificate.

parent
link