Let's Encrypt not working with iOS Desktop for Safari and Chrome

jstanek · October 1, 2021, 3:52pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: americanlabrescue.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: A2

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

MikeMcQ · October 1, 2021, 9:39pm

@jstanek Welcome to the community.

I believe you have a typo of the domain name in your post. I think you meant americanlabrescue.com - not amercian...

Assuming that, the chain you serve is the so-called 'short-chain' ending with the ISRG Root X1. Nothing inherently wrong with that but it will exclude older Android clients and certain others.

As to the problem in the title of your post, I am not an Apple expert but there are apparently problems with older OS X. The below post by a Lets Encrypt Engineer explains that. If that is not helpful, please provide more details about the version of the clients OS and browser having problems reaching your site.

JimPas · October 2, 2021, 1:39am

I edited the domain name to correct the typo.

jstanek · October 4, 2021, 8:28pm

Thanks for editing the URL, yes that was a typo

jstanek · October 4, 2021, 8:31pm

so it looks like the only fix is a manually intervention...
Our clients are not going to be happy with that solution. Is it possible to tweak the auto script that our hosting company is using to automate the Let's Encrypt every 90 days? We have a dedicated server.

Thanks
Jeremy

schoen · October 4, 2021, 10:18pm

Hi @jstanek,

Can you confirm whether using the short chain achieves the level of compatibility that you're looking for?

If it does, it should indeed be possible to automate the selection of the short chain on your server.

jstanek · October 5, 2021, 2:43pm

Hi Seth,
Thanks for reaching out to me. I'm not sure if it's a "short chain" on the server or not but I can find out from the server support folks. Not sure if this helps or not but I took a screen shot of the different levels of the SSL. Is possible that I should try a different level?

Thanks a bunch for all your help!
Jeremy

system · November 4, 2021, 2:43pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.