by pa9am
1722 days ago
This also bit me. I thought I was in the clear not using anything with outdated CA keystores. Turns out that some TLS implementations don't trust the connection if the server provides an expired CA in the certificate chain. This includes the Nextcloud client for Windows and the DNS over TLS implementation in Android 11. Adding the argument --preferred-chain "ISRG Root X1" to certbot fixes this by not chaining the expired CA X3...