Insecure …again
Back in March, I wrote about a dilemma I was facing. I could make the certificates on The Session more secure. But if I did that, people using older Android and iOS devices could no longer access the site:
As a site owner, I can either make security my top priority, which means you’ll no longer be able to access my site. Or I can provide you access, which makes my site less secure for everyone.
In the end, I decided in favour of access. But now this issue has risen from the dead. And this time, it doesn’t matter what I think.
Let’s Encrypt are changing the way their certificates work and once again, it’s people with older devices who are going to suffer:
Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt.
This makes me sad. It’s another instance of people being forced to buy new devices. Last time ’round, my dilemma was choosing between security and access. This time, access isn’t an option. It’s a choice between security and the environment (assuming that people are even in a position to get new devices—not an assumption I’m willing to make).
But this time it’s out of my hands. Let’s Encrypt certificates will stop working on older devices and a whole lotta websites are suddenly going to be inaccessible.
I could look at using a different certificate authority, one I’d have to pay for. It feels a bit galling to have to go back to the scammy world of paying for security—something that Let’s Encrypt has taught us should quite rightly be free. But accessing a website should also be free. It shouldn’t come with the price tag of getting a new device.
Jeremy Keith's Blog
