My domain is:
sudo certbot --nginx
Ubuntu 20.04.6 LTS
This API is used for mobile apps.
There is no problem for IOS, but there is for Android devices.
When we check the Cert Chain I come across this issue.
Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and we’re now using our own ISRG Root X1 for trust on almost all devices. For more details about the plan, keep reading! We have also updated our Production Chain...
It's just not clear to me how to solve this.
Does an adjustment have to be made to the App / API / or the way I generate the certificate?
Thanks in advance!
You are using the standard "long" chain that Let's Encrypt offers by default, this exists (using the expired) root or general compatability with older devices. You can optionally use the newer unexpired
ISRG Root X1 issuer using
--preferred-chain "ISRG Root X1"
Are you sure the problem is certificate chain? Which version of Android is having problems?
I used the "--preferred-chain" option and it seems solved, still need to do some testing.
But on auto-renewal, is this certificate using the "correct" chain again?
I believe it will but I think you can check your /certbot/renewal/.conf file to confirm the options it will use upon renewal.
That seems right indeed!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.