X3 certificate not recognized on mobile browser


#1

Wondering if we missed someting, but the certificate of Let’s encrypt is recognized on the desktop Browser Chrome Firefox as well as Opera, but on two mobile android mobile phones the same page is not accepted with that certificate. On mobile phone runs Android 6 the other 4.2 https://ublun.com


Nginx incomplete certificate chain
#2

Your certificate chain is incomplete, meaning the intermediate certificate is missing. This will lead to issues with browser which don’t have the intermediate certificate cached already from a previous visit to a site using Let’s Encrypt.

Make sure you’re using either fullchain.pem or chain.pem somewhere in your apache configuration (depends on your apache version - the Mozilla SSL Config Generator might help)

You can confirm the fix using SSL Labs (I’d recommend taking a look at some of the other issues that show up as well).


#3

Thanks PFG your advise helped us, we could fix it.


#5

Just to follow up on pfg’s comment - the Mozilla SSL Config Generator is excellent, and that’s what I used to get A+ on SSL Lab’s test.

However, there are a few mobile apps that can’t connect if you use Mozilla Modern. In particular for me, the ownCloud app was giving me “SSL Initialisation Failure” errors. It took me WAY longer than it should have to realise it was my ciphers, not my certs or protocols.

I slightly relaxed my cipher list and my mobile app started working again (and I still get an A+ from SSL Labs).

Good luck!