X3 Let's encrypt expired for Android 7.1 and older

If you are affected, and Android 7.1 and older is not able to connect with your server,
check on SSL Server Test (Powered by Qualys SSL Labs) if your Let’s encrypt Root CA X3 is expired:

DST Root CA X3 Self-signed
Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Valid until: Thu, 30 Sep 2021 14:01:15 UTC
Weak or insecure signature, but no impact on root certificate

SOLUTION: choose in menu for your domain ssl-tls and tab “edge-certificates”. Here click “Order advanced certificate” and choose the one from DigiCert. And remove the let’s encrypt one from your domain.

You are welcome!

More about affected devices: Let's Encrypt's Root Certificate is expiring!

That’s a reliable solution, but it’s $10/month.

For free, I think Support can re-generate a regular free DigiCert cert if you ask nicely: support AT cloudflare DOT com

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.