Hi @alexei1711 welcome to the LE community forum 
Why are you using faketime?
That date is before that cert was issued:
sorry, now curl output is empty
but android clients have:
TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED
maybe I need to wait for some time?
for another site the curl command return html page
Time won't fix:
Which O/S are you on (client)?
What version of OpenSSL are you using (client)?
few clients with Ubuntu 20.04 openssl 1.1.1f now it's working OK
many Android clients with version 7.0 and higher. openssl from the system. some did not work, but if clients clean the cache, they start working
I waited a couple of hours. apparently it was necessary to wait a little longer until the cache is updated, sorry
thanks for the quick response!
1 Like
I try renew cert, and use "https://decoder.link/sslchecker/media.lumi.com.vn/443" to check ssl. I seem "Issuer Common Name DST Root CA X3" smartphone an PC, worked, but devices embed(IoT) return cert expired. I try remove the last certificate in fullchain.pem. PC and smartphone still worked, but devices embed(IoT) return "Verify return code: 20 (unable to get local issuer certificate)" and not connect
Env:
OS: centos7
opessl: 1.0.x
certbot: 1.11
had How way remove CA X3, my device embed still work?
You may need to switch to an alternate free CA that supports the ACME protocol.
Like:
ZeroSSL.comBuyPass.com
1 Like
I updated my version of certbot to 1.20.0 on Ubuntu 18.04 by following the instructions here, basicly you apt-get remove certbot and then "sudo snap install --classic certbot" followed by "sudo ln -s /snap/bin/certbot /usr/bin/certbot"
after that, the --preferred-chain parameter worked
3 Likes
Hi @dkhilo welcome to the LE community forum 
Glad to hear that you were able to resolve that issue so easily.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.