Let's Encrypt Root Cert Notice

Last updated November 21, 2020

As of this writing, the GPF site uses the Let's Encrypt certificate authority to verify our secure TLS (HTTPS) certificate. This helps protect both us and you by encrypting all traffic between your browser and our site, as well as assuring you that the site you're visiting is actually ours.

You can find the full technical details here, but an upcoming change to how Let's Encrypt "anchors" our certificate in your browser may soon cause problems for older devices and operating systems attempting to access the GPF site. If your device or OS has not received regular updates for the past several years, you may soon receive errors from your browser stating that the GPF site is insecure. This isn't actually true; the GPF site will remain secure, but your browser won't be able to verify that. While other browser/OS combinations may be affected, we do know that the default browser on Android devices prior to 7.1.1 and iOS devices prior to version 9 are known to be affected.

While Let's Encrypt will be making breaking changes to their system starting in January 2021, we at GPF have elected to use their extended support option that should allow our existing setup to continue to work until September 1, 2021. We hope that this will allow us enough time to warn you about the change so you can decide how you can best adapt to it.

There are a number of options that should allow you to continue accessing GPF and the millions of other sites that are protected by Let's Encrypt certificates after September 2021:

  1. We realize this option may not be available to everyone, but upgrading your device, either to the latest operating system version or to newer hardware altogether, may be the safest and most secure option. As a general rule, the more modern the hardware and operating system is, the more secure it should be. More recent versions are more likely to receive frequent security updates, including but not limited to the latest root certificates. Unfortunately, many older devices no longer receive software updates and are considered obsolete by their manufacturers. For these devices, a complete hardware replacement or an alternative operating system may be required.
  2. If you cannot upgrade or replace your device, using an alternative browser may be a viable alternative. The default browser on most devices uses the certificate store provided by the operating system, which may be out of date. But some browsers like Mozilla Firefox bring with them their own certificate store which should be more current. While we here at GPF personally recommend Firefox for this reason, other browsers with this functionality may be available in your device's app store. As of writing, Google Chrome does not use its own certificate store, but is planning to implement one in the near future. With a bit of research, you can probably find a suitable alternative browser for your device and operating system.
  3. If you cannot upgrade your device or use an alternative browser, we recommend that you only visit the GPF site from a modern desktop browser. All recent versions of Firefox, Chrome, Microsoft Edge, Apple Safari, and Opera should work fine, so long as they running on a relatively recent version of their underlying operating system or they bring their own certificate store. We admit it may be less convenient to avoid visiting the site while on the go, but we'd rather you be safe while still being able to access our site.

If you have any questions about this transition, feel free to contact us and we'll try our best to answer them. If we receive enough questions to warrant a FAQ, we may update this page as necessary.