If you edit your fullchain.pem file you will see it is a text file with multiple certificate entries. You can paste the last one into Certificate Decoder - Decode certificates to view their contents and that should confirm it is ISRG Root X1 issued by DST Root CA X3. If you then remove that entry from the file your chain will be [Your Cert] > R3 (Issued by ISRG Root X1), then clients will resolve this to the shorter (modern) chain. You may need to restart nginx.
thank you very much for your support, I'm did it but the issue still showing and this is the result:
Your certificate looks good and is using the modern chain. This chain is not compatible with old versions of Android which don't know about the ISRG Root X1 certificate.
If you need a mix of support for old and new devices I would suggest changing certificate authority but you would need to test whichever alternative you choose (ZeroSSL, BuyPass Go etc) with the client devices.
dear, could you let me know if there is a paid cert that I can use to solve this issue,
I think it's better than a free one right because Letsencrypt make a big problem and I think we should change it forever
openssl s_client -connect live.redtaxi.cab:443 -servername live.redtaxi.cab | head
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = live.redtaxi.cab
verify return:1
CONNECTED(00000005)
---
Certificate chain
0 s:CN = live.redtaxi.cab
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
That is the "shorter" chain.
Nothing is forever.
All root certs have expiry dates - even the paid ones.
Let's Encrypt did NOT make this problem.
It is better.
Only you can know if it works for you.
yes, it's working for the android app.
but I can't access the dashboard from the browser
domain: admin.redtaxi.cab
also, there is Letsencrypt Cert and I made all steps that you sent previously
Then you need to update your root trust store.
It is likely missing the "ISRG Root X1" cert.
Which system?
Which browser?
yes dear @rg305
I know that there is an expiry date for all root cert and I'm using Letsencrypt for many years
this is the first time that happened
You don't have to tell me about what happened.
That image shows it all trusted.
Please show the error page.
Maybe clear the browser cache nd reboot (if needed).
Read this post:
dear @rg305
good day to you,
the issue is not solved yet and there are many people who have the same issue and posted here tickets
I'm using windows 10 so there are any official solutions from Letsencrypt?
Regards
@saleh
I don't understand the problem you are having.
Please show a picture of the error message (include the URL if using a browser).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.