Hello!
I've been working on an Android app that connects to a server via SSL using Let's Encrypt certificates.
My domain is enginev2.genomapp.com.
My server runs Ubuntu with Nginx and Docker.
Let's Encrypt installed these files on my server:
- cert.pem
- chain.pem
- fullchain.pem
- key.pem

In my Android app I'm using this cert.pem file to make the match.
This has been working perfectly for a long time. My cert has been renewing without problems and my Android app has been working with that cert.pem file so far.
This year, in May, I received an email from Let's Encrypt telling me that letsencrypt-nginx-proxy-companion would no longer support ACME v1 endpoints and that I would have to update it to ACME v2.
So I updated my Let's Encrypt to v2, everything went well, my cert was renewing without problems, my Android app kept working, etc.
Last night Let's Encrypt renewed my cert (as usual, I thought) but this time my Android app stopped working. The Android error was that there was a mismatch in my SSL cert and the handshake couldn't be made.
I've had to take the new cert.pem file into my Android app and upload a patch quickly to Play Store.
The logs related to this renewal were completely normal.
So my doubts:
- Has anything changed in the way Let's Encrypt renews the certs so that now they don't match the cert file used in the Android app?
- Is it OK to use the cert.pem file in my Android app or should I use one of the others?
- What happened last night, does it mean that from now on every time Let's Encrypt renews my cert I will have to update my Android app and upload a new version to Play Store? I don't think so.
- But if this is the case (every time Let's Encrypt renews my cert my Android app will stop working), what should I do to avoid this?
Thank you very much and kind regards!