Android Question Let's Encrypt unacceptable certificate

hatzisn

Well-Known Member
Licensed User
Longtime User
I tried in Android 11 to contact my site which is SSL protected with Let's Encrypt certificate and I get this answer:

ResponseError. Reason: javax.net.ssl.SSLHandshakeException: Unacceptable certificate: CN=R3, O=Let's Encrypt, C=US, Response:

What is wrong with it? Chrome in laptop does see it without any problem but Chrome in phone does not...
 
Last edited:

hatzisn

Well-Known Member
Licensed User
Longtime User
Hi, did I scare you with the private message? It is crt.sh and not cry.sh but t & y are side by side. It is the certificate registry search by comodo (now named sectigo).
 
Upvote 0

hatzisn

Well-Known Member
Licensed User
Longtime User
I have fixed it with this solution:

 
Upvote 0

magicmars

Member
Licensed User
Hi,

All my published apps that deal with API requests with okhttpUtils (https) , were down since yesterday because of the R3 lets encrypt certificate expiration (yesterday, expire IdentTrust DST Root CA X3).

I need to add HU2_ACCEPTALL in the next update of my apps, but I don't like it: that could cause man-in-the-middle attack if certificate is not checked.

As a solution, i bought a Thawte 1 year wildcard certificate (70$).
I'm ok for one year now .... but that cost me an arm ....
 
Upvote 0

magicmars

Member
Licensed User
@oparra I remind me that on a previous tread you told me that you use R3 with https acces for rest API.
Do your apps working today ?
 
Upvote 0

hatzisn

Well-Known Member
Licensed User
Longtime User
Let's Encrypt has addressed the issue already as it can be seen here:


The situation is getting fixed gradually. First the Chrome browser in my phone accepted the certificate of my site and after I tried it with the okhttputils and it worked without the HU2_ACCEPTALL conditional symbol. I suppose at least for the latest devices Samsung dealt with this. I do not know though if this change will be diffused to all the brands soon enough and to older devices as well so I do not know what to do.
 
Upvote 0

AHilberink

Active Member
Licensed User
Longtime User
Can someone explain why this is happening? I understood that old handshakes are no longer supported by Let's Encrypt.

But why is httputils2service v2.96 (latest) broken on these certificates?
What can be done at user-side to solve this or is the only solution to buy a commercial certificate?
 
Upvote 0

hatzisn

Well-Known Member
Licensed User
Longtime User
Can someone explain why this is happening? I understood that old handshakes are no longer supported by Let's Encrypt.

But why is httputils2service v2.96 (latest) broken on these certificates?
What can be done at user-side to solve this or is the only solution to buy a commercial certificate?

1) Read the link in post #7
2) If you have a site just renew the certificate
 
Upvote 0
Top