My domain is: combien.online
My web server is (include version): nginx 1.19.6
The operating system my web server runs on is (include version): debian 9
I can login to a root shell on my machine : yes
The version of my client is : certbot 0.28.0
Hi!
My site is working properly, but since October 1st, users with old versions of Firefox (Firefox/45.0) or old version of Mac OS X (Mac OS X 10_11_6) can't access it anymore, they have an expired certificate error.
So I tried to install Firefox version 45 on a Macbook (up to date) and I have indeed a SSL error " SEC_ERROR_EXPIRED_CERTIFICATE" .
Everything had been working for years without a problem, this has been happening for 8 days.
Yep! But I have another site with let's encrypt installed on my server (certbot) that has the same problem since October 1st.
Since October 1st, about 20 people have contacted me to report this on my different sites (all on different servers, some with cloudflare, and others not).
With the test I did, I am on Mac Big Sur 11.6 and Firefox 45.
The problem is that it's my users who are experiencing this problem, not me. On my side, everything is up to date. I just installed this version of Firefox to reproduce the problem.
The problem has been occurring for a few days. There is no "fix" on my side to support the old versions except to say to update for those who manage to contact me?
And that we need a recent version of certbox to regenerate the certificate with the parameter --preferred-chain "ISRG Root X1" (I will have to fill in this parameter every month during the certificate update check?)
Version 1.12.0 of certbot (OR a patched version certbot-1.11.0-2.el7 from Fedora EPEL 7) is required for the --preferred-chain functionality. When a certificate has been successfully issued with that option on the command line, the option is stored in the renewal configuration file for that specific certificate. So after a successful issuance you won't need to use it again for that cert.