nm, seems its another one, my android 5 isnt complaining anymore
1 Like
So you have a different chain now and your android accepts it? If so I can add a config option to select that chain for compatibility.
Just to be sure everything is good definitely test it on all your devices not just the android 5. Make sure all the newer devices you plan to connect are still happy as well.
great
yeah, already tested some devices, chrome on notebook
all seems to be still working
Hi! I’m facing the same problems with my older Android 5.0.1 tablet.
I created an issue for the Let’s Encrypt add on:
opened 09:45PM - 08 Dec 22 UTC
### Describe the issue you are experiencing
Older Android devices are not worki… ng with the SSL certificates created by the Let's Encrypt add-on because the add-on uses the "ISRG Root X1" preferred chain. If it would use the default preferred chain being "DST Root CA X3" older Android devices would be able to use the SSL certificates.
### What type of installation are you running?
Home Assistant OS
### Which operating system are you running on?
Home Assistant Operating System
### Which add-on are you reporting an issue with?
Let's Encrypt
### What is the version of the add-on?
4.12.7
### Steps to reproduce the issue
Use an old Android device and browse to an SSL enabled HA instance, it wont't work. Create an SSL certificate using the "DST Root CA X3" default chain and you can connect using SSL
### System Health information
## System Information
version | core-2022.12.0
-- | --
installation_type | Home Assistant OS
dev | false
hassio | true
docker | true
user | root
virtualenv | false
python_version | 3.10.7
os_name | Linux
os_version | 5.15.61-v8
arch | aarch64
timezone | Europe/Amsterdam
config_dir | /config
<details><summary>Home Assistant Community Store</summary>
GitHub API | ok
-- | --
GitHub Content | ok
GitHub Web | ok
GitHub API Calls Remaining | 4934
Installed Version | 1.28.4
Stage | running
Available Repositories | 1153
Downloaded Repositories | 9
</details>
<details><summary>Home Assistant Cloud</summary>
logged_in | false
-- | --
can_reach_cert_server | ok
can_reach_cloud_auth | ok
can_reach_cloud | ok
</details>
<details><summary>Home Assistant Supervisor</summary>
host_os | Home Assistant OS 9.3
-- | --
update_channel | stable
supervisor_version | supervisor-2022.11.2
agent_version | 1.4.1
docker_version | 20.10.18
disk_total | 57.8 GB
disk_used | 11.7 GB
healthy | true
supported | true
board | rpi4-64
supervisor_api | ok
version_api | ok
installed_addons | File editor (5.4.2), Terminal & SSH (9.6.1), Home Assistant Google Drive Backup (0.109.2), Let's Encrypt (4.12.7)
</details>
<details><summary>Dashboards</summary>
dashboards | 1
-- | --
resources | 2
views | 11
mode | storage
</details>
<details><summary>Recorder</summary>
oldest_recorder_run | November 28, 2022 at 19:49
-- | --
current_recorder_run | December 8, 2022 at 21:44
estimated_db_size | 547.85 MiB
database_engine | sqlite
database_version | 3.38.5
</details>
### Anything in the Supervisor logs that might be useful for us?
_No response_
### Anything in the add-on logs that might be useful for us?
_No response_
### Additional information
_No response_
This is the file in the add-on which should be modified, anyone knows how to do that on my HA installation?
I also created an issue on GitHub, but it got stale
I also made a change to the code which I submitted, have a look and add your support to give it some extra weight:
home-assistant:master ← rrooggiieerr:letsencrypt_chain_fid
opened 10:48PM - 08 Dec 22 UTC
This should add an extra option to configure the preferred chain for certbot.
…
Configuring a different chain can help older Android versions to be able to use the generated certificate.
1 Like
