This is not really related to letsencrypt.org, however maybe someone has any ideas: starting today my main iPhone iOS 15 is marking my letsencrypt certificate as "not trusted, expired 29 september 2021", however the certificate is correctly issued using the new "R3 <- ISRG Root X1" path, I triple checked and also checked it using crt.sh / other certificate checkers.
This only happens on my main iPhone (where I have stumbled upon the old R3 certificate in the past), on any other device (laptop, desktop, other iPhones with iOS 15, iPads, etc) it's trusted/working as intended. Is there any chance that my main iPhone has a cached version of the old "R3" and doesn't want to refetch the new "R3" due to the same name? I tried shutting it off and turning it back on, no success. I do not want to do a factory/full settings reset.
We can't really help you without knowing the hostname, but a likely cause is because your server doesn't send the intermediate certificates. This causes clients to fetch them themselves and may lead to what you're seeing.
Ill be glad if you'll clarify, isn't it a good practice to provide just the certificate itself instead of the whole chain?
This way you rely on the OS vendor to provide the correct root and intermediate certificates and which make an attacker who will provide his own chain for a known site fail?
If it is so then I think its in LetsEncrypt's interest to contact apple and ask them to update the root/intermediate certificates they provide to their clients, am I right?
