Users of older Android and Windows 7 not able to access website

https://developers.cloudflare.com/ssl/ssl-tls/certificate-authorities
Edit: As I said it depends, I don't know what % you have to get an LE cert, but I would say 25%?
You need to pay if you want the possibility to change the CA tho.

Hey @Lapa,

Our testing team cross-checked with many clients on older devices and Windows 7 systems as well. And it works completely fine.

Thanks!

1 Like



I must be mistaken about the nature of the problem and this topic. Maybe we are not talking about the same problem then. I'm talking about certificate validation. Here are the reports I got from my side.

I'm still actively looking for a backend only solution since I still have a few sites that have this problem.

Maybe it works in your specific case, I'm not sure, but as long as you need to do an XHR request to some subdomain/other page of your website, it will break if the certificate is not valid.

Yes they do. But only via ACME, not their normal website interface. Their pricing page seems to be deliberately confusing so they can trick people into paying for certs. Take a look at this page instead. Here's the important part:

By using ZeroSSL's ACME feature, you will be able to generate an unlimited amount of 90-day SSL certificates at no charge, also supporting multi-domain certificates and wildcards. Each certificate you create will be stored in your ZeroSSL account.

My solution is only intended to help Windows server administrators configure their systems to serve the old Android compatible default chain instead of the more modern short chain. It definitely is not intended for client use and will break more than it fixes on clients.

I'm not sure what you mean by searching by file extension though. Windows certificate stores don't live on the filesystem. They're in the registry stored as binary blobs named after their thumbprint.

The vast majority of normal users running Windows 7 should be upgraded to Windows 10 by now. It has been a free upgrade practically since release in 2015. Upgrading is still free last I checked and just about any hardware that is capable of running 7 is also capable of running 10. Windows 11 is about to be released and yet Microsoft has committed to supporting Windows 10 until at least 2025.

That said, I'm not sure why you think Let's Encrypt has made a choice not to support Windows 7 users. Nothing that has happened in the past few days has been a choice. It's all part of the inevitability of web based encryption relying on a system of certificates that have expirations which can't be modified by anyone. Windows 7 is still perfectly capable of working with sites using Let's Encrypt certificates. I literally just spent an hour building a Windows 7 SP1 machine from scratch using a DVD image. I'm not even done patching it yet and I can already visit the Let's Encrypt website and API without any certificate warnings using IE 11.

You know what's interesting though? When I try to visit your site in IE 11 on that Windows 7 machine, this is what I see.

No certificate warnings, but a scary pop up demanding I change my web browser to something more modern. How can you cast aspersions about leaving old things behind when your own website does exactly that?

I understand you're frustrated and don't really understand what's going on. But maybe try being a little more compassionate and less passive-aggressive when asking for support from a community of mostly volunteers and a company that is providing services to the entire world for free. Everyone is doing their best.

5 Likes
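
The point in the post above about Windows certificate stores living in the registry, as an added example that is not part of the original thread: this PowerShell lists the machine's intermediate CA store straight from the registry and resolves each thumbprint-named key through the `Cert:` provider so an administrator can see subjects and expiry dates. The choice of the `CA` store and the output column names are assumptions made for illustration.

```powershell
# Added example (not from the thread). Read-only; run in an elevated prompt
# on the Windows server whose stores you want to inspect.

# Assumption: inspect the local machine "CA" (Intermediate Certification
# Authorities) store. Use 'ROOT' for the trusted roots store instead.
$storeName = 'CA'
$regPath   = "HKLM:\SOFTWARE\Microsoft\SystemCertificates\$storeName\Certificates"

Get-ChildItem -Path $regPath | ForEach-Object {
    # Each subkey is named after the certificate thumbprint and carries a
    # binary 'Blob' value holding the serialized certificate.
    $thumb = $_.PSChildName
    $blob  = $_.GetValue('Blob')

    # Resolve the same thumbprint through the Cert: provider to get
    # human-readable fields instead of parsing the blob by hand.
    $cert = Get-Item -Path "Cert:\LocalMachine\$storeName\$thumb" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Thumbprint = $thumb
        BlobBytes  = if ($blob) { $blob.Length } else { 0 }
        Subject    = if ($cert) { $cert.Subject } else { '(not resolved)' }
        Issuer     = if ($cert) { $cert.Issuer } else { $null }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Expired    = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

The `Cert:` view is a logical store, so it can also show certificates delivered by other physical stores (for example Group Policy) that do not appear under this registry key.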

Great message! Thank you and it is very enlightening. And wow this ZeroSSL thing could save my life then, and I was fooled by their pricing message ahah!

Indeed for the Windows server administrator, the storage of the certs seems to be painful. Hah fool me, you nailed me.

I actually understand now that everything is planned in advance. And that there is no turning back. In the end the only solution is to find the last certificates supported by the largest number if I understand correctly? When I read all the messages I see many people with the hope to be able to solve their problem with Let's Encrypt (a bit like the OP currently) to solve this problem when in fact if I understand correctly it is impossible.

I can imagine that being able to postpone the deadline for a few years seems to be a residual artifact of your opinion (I'm just assuming), but for many others it is terrible.

I trust you if you tell me that the users of Windows 7 are a very small number. Even if I am forced to note that I have had hundreds of messages from these users while the user base that uses my services is not so big. It's not an option for me to ask them to upgrade their system.

I bow to your answer! On the other hand, the IE11 comparison is still crude :joy:, and besides, it's not even my website, it's the OP's one. Although to reassure the OP I'm pretty sure that most websites are unusable with IE11 nowadays.

Again, thanks for your enlightening message and I'll look into ZeroSSL, it's honestly the answer I was looking for. Cheers!

1 Like

Thank you very much @parth.patel! I had huge problems with older devices (Android 4.x) but after applying these steps, it seems to work :star_struck:

1 Like

Just wanted to let you know that I finally ended up changing the root authority to ZeroSSL.
While the solution made my application run on older devices, the Certify The Web application couldn't auto-renew certificates. Additionally, some users couldn't consume my APIs.
Using Certify The Web, switching to ZeroSSL was extremely easy. Now everything runs smoothly again.

1 Like
