I found that the Letsencrypt SSL certificate is untrusted on some Android cell phone, But it works fine on IOS device and browsers.
I check the SSL security online .the result shows that it is failed on java 6u45 and java 7u80.
below is my nginx config
Could you please help me about this ? Thank you very much!
My domain is: www.haoshiqi.net
My web server is (include version): nginx/1.15.10
The operating system my web server runs on is (include version): CentOS Linux release 7.6.1810
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): not certbot
ssllab test says that you won't use traditional DH (your server doesn't allow that) and site only works with browsers that support SNI (but this supported from android 4.0) how old thoses android phones are?
Please share us your Nginx configuration file by using nginx -T.
Also please make sure you have full root access for the IP address, since you’ll need the “dedicated IP” if you want to support a client without SNI support.
I am not sure. I encountered this problem several times on different cell phones . but I can’t reproduce this problem now
it may be just a time scew so that cert was not yet valid on thoes clients, but as time goes it resloved itself. LE backdates cert an hour because of it, but it may be not enought if time difference is large enough
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;