bodqhrohro

Updating the certificates is mostly pointless, as web servers nowadays usually mandate a minimum for TLS 1.2 on clients, and old Sony Ericsson feature phones just don't support it. They won't allow non-encrypted connections now as well. Modern certificates also rely on incompatible modern ciphers like SHA-512, so they won't install anyway. Iif you dig deeply on the certificate provider websites, you may still find some legacy certificate versions, I did it for thawte and DigiCert at least, possibly converted with Thunderbird to the DER format which my feature phone understands.

Yet I'm mostly happy with Opera Mini, and have a backup solution by connecting to my VPS with MidpSSH (I also had to enable some legacy ciphers in the OpenSSH config on the server, as modern versions are not compatible with MidpSSH anymore by default). There, I open pages with elinks. elinks is capable of converting non-Latin characters to ASCII, which is especially neat. But an open SSH session consumes the battery really a lot.

If Opera Mini transcoders eventually go down, I'll think of some proxy solution; basic deciphering would help a lot, but ideally it should be a browser engine ran in cloud returning plain HTML dumps for the stock browser. Something akin to how brow.sh works.

Oh, and if you have troubles with installing some apps due to expired certificates, you may just temporarily unwind the date on the phone. It's a generic solution for any old phones.