Follow

I have here an Android app which says it doesn't trust my SSL certificate -- presumably because it doesn't know Let's Encrypt -- but doesn't give me any way to override or add Let's Encrypt as a trusted root.

Possibly it's using Android's cert manager? But I added the cert there and it didn't seem to make any difference. Regardless, this isn't something the user should be expected to know how to do.

For extra annoyance: it was working last week, and as far as I know the cert has not changed since then.

· · Web · 1 · 0 · 1

@woozle

could it be that the expiation date on the cert has passed?

do you have a screen shot (or error message) that might give the reason (or a facsilie thereof) why it does not trust the cert?

@js0000 I checked the expiration date, and I used an SSL checker to look for any other problems. It confirmed that

The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

...but said everything else is fine. (It's at manor.hypertwins.org if you want to verify.)

If there's a way to get an intermediate cert for Let's Encrypt, I've not heard of it.

Error screenshot:

@woozle

i think you need to update your web browser's list of trusted roots (i think you may have already said this ...) maybe let's encrypt website can help ... ?

it's your browser's configuration (and is more difficult than it needs to be)

🍀

@js0000 The error message is from a mobile app, not a browser.

I mentioned somewhere that I tried to add the cert to the official Android list on my phone, but that didn't seem to make any difference and I don't know if it's even necessary (and that isn't something which a user should be expected to know how to do).

@woozle

so you'll need to update apps list of root certs (if possible)

or open a ticket with vendor ... ?

i think you have reached the end of any potentially useful advice i may be able to give

bonne chance!

@js0000 The thing about apps not recognizing Let's Encrypt has been a thing ever since Let's Encrypt has existed, though; this is just the first time I've run into an app that didn't offer a way around it.

Sign in to participate in the conversation
Toot.Cat

On the internet, everyone knows you're a cat — and that's totally okay.