Expired Digital Encryption Sends Millions Into Disarray On The Web

(FiveNation.com)- Thursday, the expiration of a key digital encryption service sent tech companies scrambling to deal with internet outages that affected millions of online users. Big Tech giants including Amazon, Google, Microsoft and Cisco, along with many smaller tech companies were still struggling with endless issues by the end of Thursday.

The problems erupted by the forced September 30, 2021 expiration of the popular digital certificate issued by “Let’s Encrypt” that encrypts and protects the connections between devices and websites. “Let’s Encrypt,” a nonprofit organization that has issued more than two billion certificates since its founding, is the world’s largest issuer of such digital certificates.

In a span of 24 hours, at least two million users received error messages detailing some internet connectivity problems due to the certificate issue on their phones, computers or other devices.

There had been an expectation that, before the certificate expired, the problem would be limited to devices purchased before 2017 which use the “Let’s Encrypt” digital certificate but hadn’t updated their software. However, Thursday’s problem was also experienced by users with the most cutting-edge devices and software available.

Dozens of major tech products and services were significantly affected by the certificate expiration, including cloud computing services from Amazon, Google and Microsoft, along with IT and cloud security services for Cisco. Additionally, sellers were unable to log in to Shopify, and games on RocketLeague were also inaccessible.

Despite the looming problem, none of the major tech manufacturers, including Big Tech giants like Apple, Google, Sony or Microsoft, made any announcements to customers about the potential for issues before the “Let’s Encrypt” digital certificate expired.

“Let’s Encrypt” is the first major digital certificate to expire since the advent of the Internet in the 1980s. As such, there is absolutely no precedent for solving the problem other than updating the software on devices, and tech IT teams troubleshooting on a case-by-case basis for each client or customer.

Certificates that have been issued by an expired root certificate won’t be trusted anymore by clients. “Let’s Encrypt” tried to mitigate issues caused by the expiration of the root certificate through a new cross-signed root certificate that is valid until September 30, 2024.