My website https://yintrust.com uses a Let’s Encrypt certificate, which works fine in any browser, but starting from last month, The certificate is not signed by a trusted authority is displayed on the Android 6.0.1 browser. This is weird, it was displaying fine before and suddenly it has problems. For testing, I have another website https://howiezhao.com, which also uses Let’s Encrypt’s certificate, but it displays fine on Android 6.0.1 browser without any security issues. This confuses me. They are both Let’s Encrypt certificates. Why can one website display normally but the other cannot? Can anyone help me? Thanks
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The site that fails is using the "short" certificate chain. The site that works has the normal long chain. There was an error on Nov13 when yintrust was renewed that caused this. Just renewing yintrust cert should fix that. You can see the cert that your site uses with a website like https://decoder.link/sslchecker/yintrust.com/443
Note the longer chain will be expiring and not available starting early next year. If you need to support older Android please follow the next link for instructions and guidance
Thanks, guys, I updated the website certificate and it's working now. I read that article, so if we want to use Let’s Encrypt certificates on Android 6.0.1 next year, we will have to use Firefox Mobile? Will systems after Android 7.0 be unaffected?
While you probably do not control the Android devices used by your site's vistors, you might want to encourage any of your vistors that are using Android versions older than 11 to upgrade as they no longer receive security updates.