Hi.
My Nginx server was impacted buy the CA expiration. I don't understand why because our cert was issued in june 2021, and LE team claimed that the issue was anticipated starting this date. Every Android version was concerned, including latests (v9,10,11) contrary to what has been said last days. The client app having an issue was developed with Xamarin and they faced this error on every Android devices
Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
In the rush, I temporarily edited my fullchain.pem file and deleted the last certificate, which worked pretty well. Now I'm looking for a more reliable long-term solution.
I understood that I had to update certbot to at least v1.12 to gain a --prefered-chain option while renewing in order to force ISRG Root X1, with certbot renew --preferred-chain "ISRG Root X1". But I'm stuck on v0.31 using the debian 10 native package, with no --prefered-chain option.
I also know that I could install a more up to date version of certbot using snap : https://certbot.eff.org/lets-encrypt/debianbuster-nginx The question is : do I have another option? Is an update via apt-install planned by the certbot team for the net few days, or do I need to migrate on the snap package?
Thank you.
