Let's Encrypt iOS issue with root certs


Documentation: Let's Encrypt chained certificate.

If I understand it right, iOS sometimes has problems accepting the Let's Encrypt root certificate without the trust center root certificate. This is called a chained certificate.

The Let's Encrypt root certificate is available here: https://letsencrypt.org/certs/lets-encrypt-r3.pem

To create a chained SSL certificate with the Let's Encrypt certificate, first create or renew the certificate, for example with certbot.
After receiving the new PEM certificate file, it must be extended with the R3 X1 root certificate from Let's Encrypt.

This is easy: add the plain certificate text of the X1 root certificate after the certificate text within the new Let's Encrypt PEM file.

In laradock I've done this by accessing the workspace container and extending the file below /certs/clients/cert1.pem.

In my case I've copied the cert.pem file to cert.chained.pem and added the X1 root certificate after the first certificate string.
Then I've exchanged the ssl_certificate value within the nginx config file.

Before:
server {
    listen              80;
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     cert.pem;
    ssl_certificate_key cert.key;
}

After:

server {
    listen              80;
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     cert.chained.pem;
    ssl_certificate_key cert.key;
}
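
A way to check the chained file before pointing nginx at it, as an added example that is not part of the original article: it reads the PEM bundle with the Python standard library and reports a missing issuer certificate, a wrong order, or a missing newline between the two certificates. The function names and the sample certificates are assumptions made for this example; the samples are constructed stand-ins with no real keys or signatures, and the check compares issuer and subject names only, it does not verify signatures.

```python
import base64, re
PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der_bytes):
    """Return the raw DER issuer and subject names of one X.509 certificate."""
    _, pos, _ = tlv(der_bytes, 0)           # Certificate SEQUENCE
    _, pos, _ = tlv(der_bytes, pos)         # tbsCertificate SEQUENCE
    tag, _, end = tlv(der_bytes, pos)       # [0] version, or serialNumber in v1
    if tag == 0xA0:
        _, _, end = tlv(der_bytes, end)     # serialNumber
    _, _, pos = tlv(der_bytes, end)         # skip signature algorithm
    _, _, i_end = tlv(der_bytes, pos)       # issuer
    _, _, v_end = tlv(der_bytes, i_end)     # validity
    _, _, s_end = tlv(der_bytes, v_end)     # subject
    return der_bytes[pos:i_end], der_bytes[v_end:s_end]

def check_chain(pem_bytes):
    """List problems in a PEM bundle meant for nginx ssl_certificate."""
    if b"-----END CERTIFICATE----------BEGIN" in pem_bytes:
        return ["missing newline between two certificates"]
    names = [issuer_subject(base64.b64decode(b)) for b in PEM.findall(pem_bytes)]
    if len(names) < 2:
        return ["%d certificate(s) found, issuer certificate not appended" % len(names)]
    return ["certificate %d was not issued by certificate %d" % (i + 1, i + 2)
            for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]

def der(tag, *parts):  # encode one short DER element (sample data only)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def fake_cert(issuer, subject):
    """Constructed stand-in: certificate layout only, no real key or signature."""
    name = lambda cn: der(0x30, der(0x0C, cn))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer), der(0x30), name(subject))
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der(0x30, tbs))
            + b"-----END CERTIFICATE-----\n")

LEAF = fake_cert(b"R3", b"www.example.com")          # constructed sample
ISSUER = fake_cert(b"ISRG Root X1", b"R3")           # constructed sample
print(check_chain(LEAF + ISSUER), check_chain(ISSUER + LEAF))
```

On a real file, pass the bytes of cert.chained.pem to check_chain; an empty list means the server certificate comes first and the next certificate names its issuer.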

Hints:

Certificate search: https://crt.sh/
Let's Encrypt certificates: https://letsencrypt.org/certificates/
Configuring nginx HTTP: http://nginx.org/en/docs/http/configuring_https_servers.html
SSL Checker: https://www.sslshopper.com/ssl-checker.html

