My domain is:www.funtrivia.com
Redhat / apache
I've been trying to work out what we need to do to get ancient browsers to not puke on this root cert expiry.
- Updated certbot and apache connector via redhat yum. That installed certbot 1.11.0
- Ran certbot renew --force-renewal
Still getting some users saying they cant connect or are getting strange messages about their system clocks being wrong.
Please let me know what I need to do to get the "cross chained" stuff working so older clients dont puke.
What's the reason and indication to run that command?
Hi @westcoast42, welcome to the forum! What operating system and version, and what browser and version, are your visitors seeing errors on?
There are some details at DST Root CA X3 Expiration (September 2021) - Let's Encrypt about the expiration. Long story short, some old operating systems like OS X 10.11 and below just won't work with Let's Encrypt certificates from now on. Fortunately, OS X 10.12 supports most devices from the last 11 years. But if you let us know what devices you're targeting we can help in more detail.
"What's the reason and indication to run that command?"
Read in one of these threads that forcing a renewal should install "cross chained certificates" that fix the SSL issues for users on ancient browsers. Not sure if that is any truth to that or not, but it seemed like an easy thing to try.
Interestng - One of the issues is with a user using Google Chrome OSX 10.6
So this "cross signing" stuff I have been reading about simply won't help in cases like this?
The above user was unable to upgrade her browser for whatever reason.
Wow, that's quite old! Looks like OS X 10.6 is from 2009. I wish we as a software industry could keep devices running with secure updates for 12 years, but unfortunately the status quo is that we can't.
I'm afraid not.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.