I’ve noticed that my sites hosted under control of sympl and using Letsencrypt SSL certificates give error messages if I use older devices such as a tablet with Android 6.
No problems with newer browsers (desktop or mobile), nor with other SSL sites on the same Android 6 tablet.
The Letsencrypt certificate hasn’t expired and the same sites get rated A+ on the SSL labs test.
Is there anything I can do to make my sites acceptable to older clients, or does this require a different sort of certificate that costs money and Letsencrypt can’t provide?
Also possibly related, someone has reported about one of my sites: “Trying to access the website using Google Chrome (or any Google browser) is impossible …
it comes up with a privacy warning that is impossible to get round.
I think it needs the server host to add an authentication certificate … all Google
products are insisting on these now (no doubt to stop them being sued by users who get
I’ve no idea what he’s talking about. Does anyone else?
The site is https://embsaylibrary.org.uk if anyone’s sufficiently interested to test. It’s recently moved to my hosting (just over a week ago)
Any Error Messages
On older Chrome with Android 6:
“The identity of this website hasn’t been verified - server’s certificate is not trusted”
Letsencrypt SSL certificates give error messages if I use older devices such as a tablet with Android 6.
Android 6 was end-of-life 7 years ago now, so it’ll probably not be aware of more modern SSL protocols, and likely not have the updated Let’s Encrypt R3 Root Certificate and it’s cross-signing - IIRC, 7.1 was where it was added, so anything older than that will have problems with various things.
You could try editing the Apache config for the site and allowing TLS 1.0 and 1.1 by editing the SSLProtocol line and removing the -TLSv1 and TLSv1.1, but it would significantly reduce the security of the HTTPS connections as both have known issues.
“Trying to access the website using Google Chrome (or any Google browser) is impossible …
it comes up with a privacy warning that is impossible to get round.…"
That sounds like they’re maybe accessing an older copy of the site, and have the newer Chrome ‘Safe Browsing’ security enabled?
Check the A and AAAA records end up at the same server, but other than that it looks fine.
“I think it needs the server host to add an authentication certificate”
Not sure about the rest, but Google are heavy pushing everything toward HTTPS, and preferentially ranking sites in search which use it, or they might have HTTPS and some other Google thing (Google Search Console) confused?
Maybe worth asking that user for a screenshot of the message they get?