Ssl encrypt is invalid in the mobile version of Mozilla and Chrome browsers

Not only did I clear my phone's browser cache, but I logged in with another phone I had not used before and it had the same problem.
I do not have a problem with the computer and the problem of the mobile version of Chrome browser was also solved, but the Mozilla browser version of the phone still exists and considers this ssl invalid.

1 Like

I can't duplicate this on my iPhone; the site loads without issues. ssllabs.com doesn't show any relevant problems either (there are some issues, like that you support TLS 1.0 and 1.1, but those wouldn't cause what you say you're seeing). I suspect this is something with the network you're using for the mobile device.

4 Likes

That server is sending the 'short chain' which is not compatible with older Android clients. What version of Android are you using on the remaining system with a problem?

The 'short chain' is not the default chain from Let's Encrypt so you must have chosen that for some purpose. Here is more background on the long and short chains. This forum site for example uses the long chain.

UPDATE: @hassanjf Oh, I just realized your server is IIS. That chooses your chain for you. Still, the above applies and what version of Android is causing a problem?

4 Likes

Thanks for your reply
What browser did you test on your mobile?
The above problem occurs only in the mobile version of the Mozilla browser

2 Likes

Thanks for your reply
This problem occurs in the Mozilla browser of the Android version. I did not have an iPhone to test

2 Likes

What version of android?

4 Likes

this is 7.0

1 Like

Yes, that is a known problem with the 'short chain'. It will not support secure connections with older Android versions. See the link I provided earlier.

There are some threads about what to do with Windows IIS and the short chain but I do not have them handy. Maybe another volunteer can provide further advise. Or, I might have time later today to look.

4 Likes

thanks

2 Likes

Tagging @webprofusion for IIS support

4 Likes

I found one of the older threads that I have given to people before. If that does not help you will have to wait for a Windows expert like griffin alerted or @rmbolger who also commented in the below thread

3 Likes

Thanks @MikeMcQ. The workarounds in that thread are still relevant and remain the only way to force Windows to serve the long chain that I know of.

However, wasn't one of the original workarounds to the lack of old Android support supposed to be switching to a mobile browser like Firefox that didn't use the underlying OS's trust store? And if so, shouldn't it be working on @hassanjf's device since he's using "Mozilla" (unless it's just a really old version of the browser app maybe)?

6 Likes

Yes, that was my understanding too that Firefox would still work. I was not sure what they meant by Mozilla either but since I could not advise on what to do about IIS anyway I cried for help :slight_smile:

4 Likes

To cut a long story short, if you need to support the widest range of clients (old versions of android etc) it basically easiest to use ZeroSSL instead of Let's Encrypt. This is because their root certificate is still trusted on older operating systems (it expires in 2029 I think).

5 Likes

is free the ZeroSSL ??

1 Like

Yes. (Currently it's free of charge. But it's a commercial CA, so you never know what happens in the future..)

6 Likes

how get it?

1 Like

That is a question for who supports the ACME client you are using.

This is a forum for helping people with Let's Encrypt certs :slight_smile:

5 Likes

See ACME Automation - ZeroSSL

Really though you need to google that for yourself I'm afraid, ZeroSSL don't really provide a support community. If you can't figure out how to use ZeroSSL I would recommend hiring someone to help with your certificate management in general.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.