Closed fntc closed 6 months ago
Thanks! ❤️
Note that this workaround will only function until June. If you require old android compatibility and don't control the device trust store then you should switch to a different certificate authority. https://acmeclients.com/certificate-authorities/
Since Feb 24 Letsencrypt will be default give back a certificate with the short chain which will fail to validate on old android devices (<=7.0) and will also fail validation on Azure Websites.
A workaround is to request the 'Full chain' by specifying the certificate up to which the chain should be specified in the downloaded certificate.
This PR will add an option to override the PreferredChain parameter of certes, allowing to retrieve the 'full chain' version of the certificate.
https://community.letsencrypt.org/t/long-default-and-short-alternate-certificate-chains-explained/162526