Android 7.0 step by step direction? My 1st post!

I have no clue what any of the below is on a cell phone that I was asked to fill out but here is what the About section on my phone says.... I have Android 7.0 Android security patch level January 1, 2019 Baseband version MPSS.JO.1.2.c2.1-00028-8937_GENNS_PACK-1.109862.1 Kernel version 3.18.31 Build number NRD90U Software version K55020m

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

What kind of step by step direction do you require? I really have no idea..

1 Like

The best directions would be aimed at the server admins that would like to continue serving your phone TLS secured content.

1 Like

Oh I forgot ... I not only need my phone to work past this Thursday but also work for Cricket who has told me my phone won't work on their network past January 2022. Will your update or change work for both or just get me beyond Thursday? If yes how do I do the required changes? Sorry rg305 what you said is like greek so I have no clue .. what or which server admins? I have no clue what TLS is...

There is no phone update being provided here.
This is a forum about encryption.
DV certificates and clients that obtain and manage them.
I'm pretty sure your phone only "uses" those as a client to websites that may be serving them.

1 Like

Thank you @rg305! I only understood the english not the programming stuff but am comprehending my phone will stop working Thursday. I'd asked here because I read this in an article... The Let’s Encrypt website has a way for Android devices that are running Android two (Gingerbread) or later until September 2024.

1 Like

Only for sites who have chosen NOT to be Android compatible. Users with Android 7.0 or older of sites using the default Let's Encrypt settings should not have any issue.

For more info see:

2 Likes

I think this may need some clarification:

I just tried with a Samsung Galaxy III (Android 4.4.2)
and it didn't like the test :frowning:

[the Samsung Galaxy S8 (Android 8) did work]

1 Like

valid-isrgrootx1 is deliberately not serving the IdenTrust cross sign and thus can't work on devices not trusting ISRG Root X1 (which means all old Androids).

3 Likes

Then which is it for older droids?
Extending Android Device Compatibility for Let's Encrypt Certificates - Let's Encrypt (letsencrypt.org)
shows:

2 Likes

The "new default chain" is supposedly compatible with old Androids, because it contains a cross sign signature up to DST Root CA X3 - this root is known to old Androids and they will use that as their trust anchor. Let's Encrypt currently provides this chain by default, unless sites manually request/configure the alternate chain.

valid-isrgrootx1 has always (from the very beginning, even before ISRG Root X1 was in trust stores) serving a chain terminating at ISRG Root X1, because that is its purpose. Right now this means that it is serving what LE calls the "Alternative chain".

4 Likes

The Prod directory endpoint is currently serving the android compatible chain if you want to test that. I forget which thread it was in, but I believe the plan was to continue serving the long chain for the time being as well.

3 Likes

This forum too :grinning:

It was the other way around. Because (hopefully) almost no ACME client runs on Android, but lots of ACME clients use old TLS libraries, it makes more sense to use the alternate chain for this endpoint. They said they wanted to switch the endpoint, but haven't done so yet.

2 Likes

The good news is that https://commnity.letsencryt.org is working just fine on Android 4.4.2 :slight_smile:
So it is definitely possible!

4 Likes

Well DST Root CA X3 hasn't expired yet, so if your phone is not set to the future, this test isn't 100% yet. LE said Android won't validate expiry dates on trust anchors, but if you want to verify that statement, you need to test with an expired trust anchor - and DST Root CA X3 is not expired, need to wait about 2.6 days (or fake time, if that's possible).

4 Likes

Inspired by @rg305 I tried a moth-balled Android 4.4.4 with Oct2 2021.
The web page displayed a green padlock and I saw the same detail page as Rudy - all good. But, in the 'details' info just prior to that I saw this - note the red X box.

20210927_221242

Just for fun I note below - not a cert issue I know :slight_smile: I could not view much of the site.

4 Likes

@MikeMcQ, I use Chrome on Oldroid :slight_smile:

2 Likes

I did too - note the 'Chrome' in the verbiage of the message

1 Like

hmm...
Then, do we NOT have the same version of Chrome?
[that would be weird]
No I'm going to have to boot that phone again - just to get the version of Chrome! - LOL
Thanks Mike :wink:

1 Like

Chrome 81.0.4044.138
Meanwhile... it also states:
"Copyright 2021 Google LLC. All rights reserved."
[how in the heck is that old code copyrighted this year!]

1 Like