Install LetsEncrypt X1 Root on a rooted device

From 8th July 2020, LetsEncrypt will begin serving certificates which may break compatibility with older Android devices (likely Android versions older than Android 7.1.1).

It’s hard to be specific about which devices will be affected as each device manufacturer controls which root certificates are trusted at firmware build time.

You can test if your device already supports the LetsEncrypt X1 root CA by visiting in the built in “Browser” app on your device. Do not use Chrome for this test.

If you receive a certificate warning then you need to add the X1 root to your device’s list of trusted CAs.


Android 7.1.2

The DSCS9 running Android 7 already supports the LetsEncrypt X1 root.

Android 6.0.1

There are two options available to you.

First option is you can upgrade your DSCS9 to Android 7.1.2.

If you prefer to remain on Android 6, then alternatively you can import the LetsEncrypt X1 Root CA by following the instructions in the Rooted Devices section below.

You can download Root Certificate Manager via APKPure here:

Non-Rooted Devices

It is possible to add a new CA to a non-rooted device.
See Android SSL Support

You can download a copy of the LetsEncrypt X1 root CA here:

Unfortunately that means setting a lock screen on the device which means on reboot the device will need to be unlocked each time. Unfortunately that’s a limitation of the Android OS and cannot be worked around on a device which is not rooted.

Rooted Devices

Using an App

The easiest way to add the LetsEncrypt root is to use the Root Certificate Manager(ROOT) app from the Google Play store.

It will allow you to import the CA pem file from SD card.
You can download a copy of the LetsEncrypt X1 root CA here:

Save that to your device’s storage, and then use Root Certificate Manager to import it.

Using the command line

If you have command line access to your Android devices, then you can install the LetsEncrypt X1 root on your device that way. This was tested on an Android 6.0.1 DSCS9. It has not been tested on other devices so proceed with caution if you are not using a DSCS9.

Ensure you have a superuser shell. That’s normally achieved by typing su
Download the following file and store it somewhere on the device. I’ll assume /storage/sdcard0/Downloads but you can substitute the correct path in to the commands.

Then, run the following

mkdir -p /data/misc/user/0/cacerts-added
mv /storage/sdcard0/Downloads/isrgrootx1.pem.txt /data/misc/user/0/cacerts-added/6187b673.0
chown system.system /data/misc/user/0/cacerts-added/6187b673.0
chmod 644 /data/misc/user/0/cacerts-added/6187b673.0
The Xibo Community site uses cookies. What are cookies?