Groups | Search | Server Info | Login | Register

Groups > comp.mobile.android > #153869

Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed

From Eric Pozharski <apple.universe@posteo.net>
Newsgroups comp.mobile.android
Subject Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed
Date 2026-05-10 01:03 +0000
Organization A noiseless patient Spider
Message-ID <slrn10vvmaj.6h6.apple.universe@freight.zombinet> (permalink)
References (4 earlier) <ijD*ZKNFA@news.chiark.greenend.org.uk> <n5u7puFjjhU1@mid.individual.net> <10tfh3i$16hd2$2@dont-email.me> <10tfs5d$2dp9$1@nnrp.usenet.blueworldhosting.com> <10thbt5$1q98s$1@dont-email.me>

Show all headers | View raw

with <10thbt5$1q98s$1@dont-email.me> Arno Welzel wrote:
> Maria Sophia, 2026-05-06 19:01:
>> Arno Welzel wrote:

>>> The certificates for the root CA of Let's Encrypt can be found here:
>>> <https://letsencrypt.org/certificates/>
>>> However Android does not allow to import system wide root CAs for
>>> security reasons. So this will not help you.
>> b. Manual install (under certain conditions) This says you can
>> manually install it under certain circumstances.
>> <https://voxelmanip.se/2024/09/17/installing-lets-encrypt-certificates-on-old-android/>
> Thanks for this pointer - indeed I forgot, that you can install a CA
> certificate in the security settings.

Well, how should I put it?  I didn't mention
Settings/Security/InstallFromSD way because I'd tried it back then and
it wasn't working -- the certificate is visible (more on that later) but
no amount of pushing/pinching/punching/screaming makes any difference --
nothing happens.  So being all righteous and staff I went there again to
be immediately defeated -- now it works.

And this is fine.  Do something stupid, that unlocks some functionality
that The Industry deems to be gone, then unroll the stupidity done to
use the functionality.  And then wait for time the stupidity will come
back to bite you.  And it will.  One day.

Now corrections to voxelmanip.se story.

[1] Side note, some screenshots are clearly in The Dark Theme.  What
    stupidity should I do to unlock this?  All I can find is
    Settings/Accessibility/ColorInversion.  But It's just negative but
    The Dark Theme.

[2] Filename *must* be with 'crt' or 'pem' suffix.  Demonstrated 'txt'
    suffix doesn't do.  Potential (more on that later) certificates
    will have visible stylized fingerprint icon (granted in grid view);
    all other files are dimmed.  And that stems from suffix only,
    contents isn't examined yet.  Basename is indeed irrelevant.

[3] If filename has 'crt'/'pem' suffix but contents is anything but a
    certificate upon pushing results in a message 'No certificate to
    install'.  Funny shit, file size (like being empty) doesn't
    invalidates eligibility of potential files.

[4] Indeed, name of certificate isn't sourced from certificate itself.
    Thus making it prone to abuse, I guess.

[5] Check for screenPin/screenPassword is made at attempt to install but
    open.

[6] So far I don't see SPin/SPassword required to stay -- I've returned
    screen lock to Swipe and nothing (on the surface) has changed.

All that is known from observation.  I've tried to think a certificate I
would need and nothing came up.  So I just grabbed 'ISRG Root X2' and
installed it.  Obviously, since I don't need it I can't report if/how it
works.  Anyway,

[7] Using, now working, S/S/IFSD installs into 'Users'.  In contrary
    with The Only True Way (what requires rooting) that installs into
    'System'.

> However you will then also get a constant warning, that your Network
> activity may be monitored, since Android does not know, if the added
> certificate is legit.

The Scary Warning isn't constant -- I've swiped it off so far it hasn't
surfaced again.  I'll report back if anything happens.

*CUT* [  3 lines   1 level deep]

-- 
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom

Back to comp.mobile.android | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Jakub <jak74@interia.pl> - 2026-05-03 15:02 +0200
  Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Chris <ithinkiam@gmail.com> - 2026-05-03 13:31 +0000
    Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Eric Pozharski <apple.universe@posteo.net> - 2026-05-04 08:30 +0000
      Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed David Higton <dave@davehigton.me.uk> - 2026-05-04 16:15 +0100
        Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Theo <theom+news@chiark.greenend.org.uk> - 2026-05-05 13:38 +0100
          Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Andy Burns <usenet@andyburns.uk> - 2026-05-05 13:57 +0100
            Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Arno Welzel <usenet@arnowelzel.de> - 2026-05-06 15:52 +0200
              Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Maria Sophia <mariasophia@comprehension.com> - 2026-05-06 11:01 -0600
                Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Arno Welzel <usenet@arnowelzel.de> - 2026-05-07 08:36 +0200
                Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Eric Pozharski <apple.universe@posteo.net> - 2026-05-10 01:03 +0000
        Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Eric Pozharski <apple.universe@posteo.net> - 2026-05-05 10:34 +0000
        Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Arno Welzel <usenet@arnowelzel.de> - 2026-05-06 14:52 +0200
  Re: Let's Encrypt certificate not valid for Android 7 and older #7039,Closed Arno Welzel <usenet@arnowelzel.de> - 2026-05-04 11:59 +0200

csiph-web