Managed HTTPS update affecting Android users
Scheduled Maintenance Report for Pantheon Operations
Completed
[Resolved] Managed HTTPS update no longer affects Android users

Pantheon's certificate authority partner for Managed HTTPS, Let’s Encrypt, has now developed a solution that will leave Android users unaffected and the scheduled maintenance will no longer occur. The chain switch will now include a new cross-sign that enables uninterrupted compatibility. The previously-planned chain switch on January 11th, 2021 will not occur. Managed HTTPS service will continue uninterrupted without any action.
Posted Jan 08, 2021 - 14:19 PST
Scheduled
On January 11, 2021, Pantheon's certificate authority partner for Managed HTTPS, Let’s Encrypt, will start providing a certificate chain using their own root certificate by default. This change is only expected to cause compatibility issues with a very small percentage of traffic from very old clients, including Android devices older than 7.1.

To extend compatibility with older clients, Pantheon is manually overriding the default and will continue to serve the IdenTrust cross-signed intermediate until September 29, 2021, at which time Let's Encrypt's new intermediate will be served.

For customers who require support for Android devices older than 7.1 after September 29, 2021, this change will require action on your part to avoid any impact to your traffic, such as using Pantheon’s Custom Certificate, or terminating TLS outside of Pantheon.

For more information on the update from Let’s Encrypt please see their blog post: https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
Posted Nov 10, 2020 - 15:22 PST
This scheduled maintenance affected: Global CDN and Site Certificate Provisioning.