Let's Encrypt certificate and Android app mismatch

Those roots change pretty rarely (barring a major screwup that requires early replacement). The intermediates (which may be what you were trusting before) change more often (though the one for Let's Encrypt hadn't changed for quite some time until recently).

You may want to subscribe to the API Announcements category on this forum, where you can get an email when Let's Encrypt staff post there about major changes.

You may also want to add a CA to your device's trust store besides the ones for Let's Encrypt. While Let's Encrypt is likely to be around for the long haul, it could experience an extended-length problem around a time you need to renew your server certificates, or suddenly run out of funding, or otherwise not be where your next certificate comes from. This could be a certificate authority that you set up yourself. Check out this somewhat-recent thread with some thoughts on things to consider when building your own root store for a device.

Well, I suppose. I guess I was trying to separate out more clearly what the server-side needed to do from what the client-side needed to do, since the message seemed muddled in my probably-too-quick read through the thread. I certainly wasn't trying to disagree. :slight_smile:
