1. What is the problem? Be very detailed.
Over the weekend, Let's Encrypt posted an article about how they are changing their root certificate authority in 2021 (https://letsencrypt.org/2020/11/06/own-two-feet.html). Let's Encrypt has been cross signing with a broadly accepted root authority IdenTrust, but that is about to change in 2021. They will no longer be cross signing but using only their own root certificate authority. Specifically, they say that Android versions prior to version 7.1.1 do not yet trust Let's Encrypt's root certificate authority. The article says that this affects software / operating systems not updated since 2016.
I'm wondering how much of an impact this will have on the ODK community, given that ODK server software uses Let's Encrypt for TLS certificates. Worst case scenario is that these old phones would not be able to connect in order to submit data or get forms.
2. What app or server are you using and on what device and operating system? Include version numbers.
This may not affect our organization. We are still checking within our network to see what Android versions are in use. However, we have held onto old Android phones for a long time previously, so it would not surprise me if we have old, vulnerable Android phones being used for data collection.
3. What have you tried to fix the problem?
It seems, according to "Odk Collect with Custom Certificate: Android 5 (works), Android 7,8 (fails)", that ODK uses the operating system's root certificate authorities.
4. What steps can we take to reproduce the problem?
This isn't a problem yet, but a potential problem.
5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.
Nothing for now.
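One way to estimate the exposure raised in this post is to classify the Android versions seen in the server's access log against the 7.1.1 cutoff from the Let's Encrypt article. This is an added example, not part of the original post or ODK's code; it assumes combined-format access logs and a User-Agent that carries an `Android <version>` token, and the sample lines are constructed.

```python
import re
from collections import Counter

# From the Let's Encrypt article cited in the post: Android releases
# before 7.1.1 do not trust Let's Encrypt's own root.
MIN_TRUSTED = (7, 1, 1)
# Assumption: the client User-Agent contains "Android <version>",
# as default Dalvik user agents do.
ANDROID_RE = re.compile(r"Android (\d+(?:\.\d+){0,2})")

def android_version(user_agent):
    """Return the Android version as a 3-tuple, or None if absent."""
    m = ANDROID_RE.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "7.1" -> (7, 1, 0)

def classify(log_lines):
    """Count requests by trust status and tally the affected versions."""
    summary, affected = Counter(), Counter()
    for line in log_lines:
        # Combined log format: the user agent is the last quoted field.
        quoted = re.findall(r'"([^"]*)"', line)
        version = android_version(quoted[-1]) if quoted else None
        if version is None:
            summary["unknown"] += 1      # not Android, or no version token
        elif version < MIN_TRUSTED:
            summary["affected"] += 1     # would not trust the new root
            affected[".".join(map(str, version))] += 1
        else:
            summary["ok"] += 1
    return summary, affected

# Constructed sample lines (documentation IP, made-up path and devices).
_LINE = ('192.0.2.10 - - [09/Nov/2020:10:00:00 +0000] '
         '"GET /example HTTP/1.1" 200 512 "-" "{}"')
SAMPLE = [_LINE.format(ua) for ua in (
    "Dalvik/2.1.0 (Linux; U; Android 6.0.1; EXAMPLE-A Build/X)",
    "Dalvik/2.1.0 (Linux; U; Android 7.1; EXAMPLE-B Build/X)",
    "Dalvik/2.1.0 (Linux; U; Android 7.1.1; EXAMPLE-C Build/X)",
    "Dalvik/2.1.0 (Linux; U; Android 10; EXAMPLE-D Build/X)",
    "curl/7.68.0",
    "Dalvik/2.1.0 (Linux; U; Android 5.1; EXAMPLE-E Build/X)",
)]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

The User-Agent reports the OS version only, so treat the result as an inventory of devices to check rather than proof of what each trust store contains.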