I've got new TLS certificate (letsencrypt) - works at the Firefox BUT: my mobile app (Kotlin) shows only blank page. I don't know why. I searched at the internet but I cannot find the solution. My fix for some days: using old certificate.
What I must to do? This is my bash command for create certificate: letsencrypt certonly --force-interactive --renew-by-default --webroot --webroot-path /var/www -d $domain
...
I'm trying and trying: In Webview does not work all certificates created by 29 Jun (I have since then new lets-encrypt-r3 certificate).
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Please don't use this option. The usage for this option is very limited.
Also, Certbot was once called "letsencrypt" as an ACME client, but that was back in 2016 I believe.. I hope you're not still running such an ancient version of Certbot?
certbot 2.1.0
My web server is: Apache 2.4.61
The operating system my web server runs on is: Debian 12
My hosting provider, if applicable, is: me at my server.
I can login to a root shell on my machine: yes
I'm using a control panel to manage my site: no.
Please answer all the questions, especially the mandatory one at the top.
Also, while reverting to the old, working certificate helps your website work in Kotlin/webview, it would make it harder to debug the issue for us. Can you reinstate the new cert/non-working situation, or is that a no-go due to uptime requirements?
I'm still using old certificate because I want my app to work. But I can do some new certificate for some URL. I tried it - it now works too in my app.
You're right.
I downloaded E6 here: Chains of Trust - Let's Encrypt
And I changed setting of sudoku.vsevjednom.cz. Is it better? This is maybe my problem.
The chain looks OK now, but you shouldn't have needed to download the intermediate from the chains of trust page. It was provided by Certbot when you got the certificate.
WOW! WOW! WOW!
SSLCertificateChainFile /etc/letsencrypt/live/sudoku.vsevjednom.cz/chain.pem
IT WORKS!
But asteroid.vsevjednom.cz still not works :(.
Setting of this URL is changed. Solution will be fast I hope.
Yes, the intermediates are chosen at random. Deliberately. So users (like you ) will stop hardcoding intermediate certificates, but always use the one provided together with the cert.
Note that your Apache version doesn't require SSLCertificateChainFile. Providing SSLCertificateFile with fullchain.pem should suffice.