Old smartphones are getting an error message

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: member.kcdb.net

When some of our customers try to open up a website (which is certified by lets encrypt) this warning pops up: This certificate was not issued by a trustworthy authority
Most of them use a htc one, which is quit old but that shouldn’t be a problem, they can access other websites without any problem.
Why does this happen?

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

This is likely owing to the recent DST Root CA X3 root certificate expiration and the fact that member.kcdb.net is serving the "short chain".

You can see what member.kcdb.net is serving here:

https://decoder.link/sslchecker/member.kcdb.net/443

Note that there are only two certificates being served rather than three, which indicates the short chain.

3 Likes

There is a simple test if switching to the "long chain" described by Griffin will help your site. Ask an HTC person to access https://letsencrypt.org It uses the "long chain" so if that works your site would too once you switch to using that.

3 Likes

I just realized you are using Windows IIS. See this thread for more details about IIS and supporting old Android devices.

I would still ask one of them to try accessing letsencrypt.org - there may be other issues with them given they are so old

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.