Thanks a ton! @rmbolger
It helped a lot, the issue has been resolved and working perfectly on older devices.
Let's Encrypt community is very supportive and thanks a lot to experts like you who are working hard day and night to support this community.
Everyone, please follow this link those who want to support let's encrypt certificate on older devices, suggested by @rmbolger
You can follow the below steps, I've tried to make it simple.
Note: These changes I've made on Windows Server 2012 R2.
-
Do not remove the DST Root CA X3 certificate (Expired on 30/09/2021) from Trusted Root Certification Authorities.
-
ISRG Root X1 certification self-signed and cross-signed both should not be in Trusted Root Certification Authorities.
-
ISRG Root X1 certification self-signed (Expires on 04/06/2035) should be in Untrusted Certificates.
-
ISRG Root X1 certification cross-signed (Expires on 30/09/2024) should be in Intermediate Certification Authorities.
-
Remove old R3 certificate from Intermediate Certification Authorities.
-
Add current R3 certificate (Expires on 15/09/2025) to Intermediate Certification Authorities.
-
After completing the above steps server reboot is mandatory to reflect the changes.
-
That's all! Your issue is resolved 100%
You can use Namechep SSL Checker to verify the chain being served.
We've resolved the issue for this website www.onlinevidyalaya.net
Our clients are happy after this solution.
Have a great day! Again thanks to @rmbolger and the Let's Encrypt community.