Home / Industry

Root Certification Expiration: Is Your Business Continuity in Jeopardy?

If your organization includes Android devices as part of its bring-your-own-device (BYOD) policy or uses embedded systems, then a recent root expiration for Let’s Encrypt digital certificates may potentially place your organization at risk. This update will cover what you need to be aware of and how this potential blind spot can impact your organization.

Since September 30, 2021, older browsers and devices that trust Let’s Encrypt certificates now experience warnings when visiting sites using said certificates, as root certificate DST Root CA X3 expired.

Learning from past incidents, such as when AddTrust External CA Root expired in May 2021, various companies—including an online payment platform, a media streaming platform, and an enterprise software solutions provider—all suffered from outages and disruptions.

Despite early warnings about DST Root CA X3’s expiry, several large companies, including accounting software providers, ecommerce sites, and even well-known technology solutions, cloud, and cyber security providers, have been reported as facing website and service issues.

This latest root certificate expiry exposes a potential blind spot in companies’ security postures, leaving them vulnerable to downtime and revenue loss. Affected companies may require additional measures to restore services for their customers and review the incident to address any gaps.

It is widely known that Let’s Encrypt only supports its customers through documentation and community forums and doesn’t provide direct support. It also only offers domain validation certificates (DV), as opposed to organization validation (OV) or extended validation (EV) certificates. It’s been reported that DV certificates have been dispersed as part of phishing campaigns due to the low level of validation required for issuance.

Cybersecurity, business continuity, and disaster recovery are all at risk when companies use digital certificates issued from providers that aren’t structured to meet the needs of an enterprise. CSC recommends companies consider using a certificate authority with comprehensive security-focused capabilities and resources, industry recognition and is backed by 24/7 technical support and trusted security experts.

We’re ready to talk

If you’d like to learn more about digital certification solutions and how automation can mitigate the challenges around reduced certificate lifespans, please complete our contact form.

By CSC, We are the business behind business

We help effectively manage, promote, and secure our clients’ valuable brand assets against the threats of the online world. Leading companies around the world choose CSC as their trusted partner to gain control of their digital assets, maximize their online potential, and increase online security against brand risks.

Visit Page

Filed Under


Commenting is not available in this channel entry.
CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix


Sponsored byDNIB.com