Netlify uses a service called Let’s Encrypt to automatically provide the TLS/SSL certificate for your Netlify websites that use custom domains for free. We’re proud to be doing our part to make the web more secure by partnering with Let’s Encrypt.
On September 30, 2021, Let’s Encrypt’s root certificate “DST Root CA X3” has expired. This expiration has caused certain browser clients with older operating systems not to be able to load your website as “DST Root CA X3” has expired and “ISRG Root X1” (the “new” root) is not trusted by these clients.
The example of these clients would be old iOS devices (below iOS 10) or old Android devices (below Andriod 2.3.6). You can find the list of clients that trust “ISRG Root X1” here: https://letsencrypt.org/docs/certificate-compatibility/
What can I do to support older devices?
If you wish to support older devices too, you would need to purchase a custom SSL certificate that supports older devices. Any certificates issued by Let’s Encrypt will have this issue. You can always upload the custom certificate in your site’s domain settings page. More documentation on custom certificates and Netlify can be found here: HTTPS (SSL) | Netlify Docs
I’ve heard that some Andriod devices would face this issue in the past?
You are correct, previously it was mentioned that some Android devices (prior to 7.1.1) will be unable to load the websites too (forum post). However, the Let’s Encrypt team worked with IdenTrust to extend this support and the certificate will work with these Android devices until early 2024.
You can read more in https://letsencrypt.org/2020/12/21/extending-android-compatibility.html.
If you have questions or concerns, please let us know in the comments!