iOS blocking Letsencrypt

http://nextcloud.tekstar.us/index.php/s/rJ3jWwPuWo2L5RW

I started getting this error and I purchased a new key from GoDaddy and it went away, so are they blocking it?

Hi @wesswhite,

In our experience, iOS accepts Let’s Encrypt certificates. You can confirm that by accessing this forum with an iOS device (this forum is protected with a Let’s Encrypt certificate of exactly the same kind as your certificate above).

To diagnose this problem, I would suggest looking at the “More Details” offered in the iOS interface, or else trying a test with

https://www.ssllabs.com/ssltest/

This can reveal if there’s a problem with the configuration that would prevent devices from accepting the certificate. The most common case is failing to configure the web server with the chain (intermediate) certificate, which is required in order for some devices to learn that Let’s Encrypt is a trusted certificate authority. The chain is provided to you when you originally obtain your Let’s Encrypt certificate, but it may be provided in a separate file and your web server may not actively require you to provide it, even though some devices will require it to be provided by the web server.

Since you’ve already changed your certificate, we can’t do any tests of our own to determine what the original problem was, unless you try putting your Let’s Encrypt certificate back up on your site.


I’ve tried that without success. It’s like they’re blocked, and if we disable the CA request it works, and using another key provider it works.

Let’s Encrypt is known to work on iOS. As @schoen has mentioned, trust issues on supported platforms are typically due to server misconfigurations (such as a missing chain certificate).

Unfortunately it’s not possible to determine retroactively what the issue was now that the server is using a certificate from a different CA. If you’d like to look into this further, you’d have to restore the problematic server configuration (or reproduce it on a different server/hostname), test it using SSL Labs or a similar tool and post the results here. If you already ruled out server configuration issues like missing chain certificates before, please describe how this was done.


The outcome described is what can be expected when “cert.pem” is used instead of “fullchain.pem”.

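The “cert.pem” versus “fullchain.pem” mix-up described in the replies above can be caught with a small configuration check. This is an added example, not part of the original thread: the nginx `ssl_certificate` / Apache `SSLCertificateFile` handling, the certbot-style paths under example.com, and the placeholder PEM blocks (constructed, not real certificates) are assumptions.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)
# Matches nginx `ssl_certificate <path>;` and Apache `SSLCertificateFile <path>`,
# but not the private-key directives or commented-out lines.
DIRECTIVE_RE = re.compile(
    r'^\s*(ssl_certificate|SSLCertificateFile)[ \t]+"?([^\s";]+)"?[ \t]*;?[ \t]*$',
    re.M | re.I)

def count_certs(pem_text):
    """Count PEM blocks that decode to something starting with a DER SEQUENCE."""
    count = 0
    for body in PEM_RE.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # malformed base64: not a usable certificate
            continue
        if der[:1] == b"\x30":
            count += 1
    return count

def audit(config_text, files):
    """Return (path, cert_count, status) for each certificate directive.
    `files` maps path -> PEM text, so the check runs without touching disk."""
    findings = []
    for _directive, path in DIRECTIVE_RE.findall(config_text):
        n = count_certs(files.get(path, ""))
        status = "missing" if n == 0 else "leaf-only" if n == 1 else "ok"
        findings.append((path, n, status))
    return findings

def _fake_pem(label):
    # Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
    # wrapped around a label, just enough to exercise the counter.
    der = b"\x30" + bytes([len(label)]) + label.encode()
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

LIVE = "/etc/letsencrypt/live/example.com"  # assumed certbot-style layout
SAMPLE_FILES = {
    f"{LIVE}/cert.pem": _fake_pem("leaf"),
    f"{LIVE}/fullchain.pem": _fake_pem("leaf") + _fake_pem("intermediate"),
}
BAD_CONF = (f"server {{\n    ssl_certificate {LIVE}/cert.pem;\n"
            f"    ssl_certificate_key {LIVE}/privkey.pem;\n}}\n")
GOOD_CONF = f'SSLCertificateFile "{LIVE}/fullchain.pem"\n'

if __name__ == "__main__":
    for conf in (BAD_CONF, GOOD_CONF):
        print(audit(conf, SAMPLE_FILES))
```

A `leaf-only` result means the server would send only its own certificate, so a client without the intermediate already cached cannot build the chain.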
