I have configured shadowsocks-rust with xray plugin using certificate from acme. Works fine on all devices except android 7. I understand that this is due to the fact that the DST Root CA X3 certificate has recently expired. Is there any solution for android 7 systems? Thanks...
Asked
Active
Viewed 192 times
1 Answers
0
Confirm your issued certificate is rooted in DST Root CA X3. Let's Encrypt still has this as the default, but check if your ACME client is requesting an alternate chain. See the production chain changes thread and the extending Android device compatibility post.
Apparently Android does not enforce notAfter dates on trust anchors. Which is allowed, roots are a special case. Technically, this means not being available after September 2024 is because of Let's Encrypt's cross sign expiring, not the root itself.
John Mahowald
- 30,009
- 1
- 17
- 32