Hello, since September, with the expired Let's Encrypt certificates, some of our customers on macOS cannot connect to our application. This problem only occurs on macOS; on Windows the root certificate automatically changes from DST Root CA X3 to ISRG root, the new one. I have seen the same problems on the Internet, but all advise manually installing the certificate, and we cannot do something like this for all our customers. I also noticed that the problem only concerns the old Macs under version 10.12, but we tested on several Macs with the latest version and it's totally random: on some of them it works and not on others. Same on iPhone. Is there a solution to this problem?
The problem is your server is only sending your "leaf" certificate. It should send all the "intermediates" too. Without the intermediates a browser will guess at what they should be, and some will get it right and others will not.
I see from your HTTP response headers you are using nginx 1.14. You did not say what ACME client you used, but if it is certbot, it looks like you are using "cert.pem" where you should be using "fullchain.pem" (with the appropriate path to the file).
Post back the lines of your nginx conf for the cert definitions if you want further guidance.
Thank you for your answer, we solved the problem thanks to you. We use a ModSecurity WAF (web application firewall) and we have added, as you say, the root and intermediate certificates to our WAF and it works now.
For people in the same situation with a ModSecurity WAF, here are the steps you need to follow:
Then you'll need to concatenate your three certificates: first your application certificate, then the intermediate, and then the root certificate from Let's Encrypt.
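A way to check the file before deploying it, as an added example that is not part of any post in this thread: it reads a PEM bundle and reports a leaf-only file or certificates concatenated in the wrong order. It compares issuer and subject names only and does not verify signatures or expiry; the function names (`check_chain`, `issuer_subject`, `sample_pem`) are hypothetical and the sample certificates are constructed, unsigned skeletons.

```python
import base64, re

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER (issuer, subject) Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, end = _tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 6:
        tag, _, nxt = _tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:        # drop the optional [0] version field
        fields.pop(0)
    return fields[2][1], fields[4][1]  # order: serial, sigAlg, issuer, validity, subject

def check_chain(pem_text):
    """Return problems found in a fullchain-style PEM bundle (empty list = OK)."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    certs = [issuer_subject(base64.b64decode(b)) for b in blocks]
    if not certs:
        return ["no certificates found"]
    problems = []
    if len(certs) == 1 and certs[0][0] != certs[0][1]:
        problems.append("leaf only: no intermediate in the file")
    for i in range(len(certs) - 1):  # each certificate must be issued by the next one
        if certs[i][0] != certs[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

# Constructed sample data: unsigned DER skeletons, not real certificates.
def _der(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)  # short-form length only
def _name(cn):
    rdn = _der(0x30, _der(0x06, b"\x55\x04\x03"), _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, rdn))
def sample_pem(subject, issuer):
    tbs = _der(0x30, _der(0x02, b"\x01"), _der(0x30), _name(issuer), _der(0x30), _name(subject))
    b64 = base64.b64encode(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
LEAF = sample_pem("app.example", "Constructed Intermediate")
INTERMEDIATE = sample_pem("Constructed Intermediate", "Constructed Root")
```

To check a real file, pass its contents to `check_chain`, for example the text of the bundle your server or WAF is configured to serve.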