android https ssl-certificate lets-encrypt

Android devices <API 25 not connecting to LetsEncrypt SSL servers anymore?


Since the last 3-monthly renewal of my Let's Encrypt certificate (which happened 3 days ago), Android devices with an OS version earlier than 7.1.1 (Android API < 25) are not able to connect to my servers anymore.

The reason seems to be that the 3-year cross-sign agreement to bridge the new Let's Encrypt's "ISRG Root X1" certificate via the old partner IdenTrust's "DST Root CA X3" certificate has expired earlier this year (2024), as reported here: https://letsencrypt.org/2020/12/21/extending-android-compatibility

What is the best solution to allow the earlier Android devices to keep working with LetsEncrypt SSL servers?


Solution

  • It is still possible to use the cross-sign mechanism until 6th June 2024, with certificates being valid for an extra 90 days (so, up to the beginning of September 2024), as explained here: https://letsencrypt.org/2023/07/10/cross-sign-expiration

    You can do that by specifying the following option in the certbot renewal command:

    --preferred-chain "DST Root CA X3"

    as described here: https://community.letsencrypt.org/t/old-android-tablets-cant-connect-to-le-certs-anymore/213707/2
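
One way to confirm after renewal that the served chain really ends at the requested root, as an added example that is not part of the original answer. It assumes openssl is installed and that the chain file is at certbot's default location; the function names and the "Constructed ..." certificates are made up for this illustration.

```shell
#!/bin/sh
# Added example: report which root a PEM chain file leads to.

# Print the issuer CN of the LAST certificate in a PEM bundle.
chain_top_issuer() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = "" }
       { buf = buf $0 "\n" }
       END { printf "%s", buf }' "$1" |
    openssl x509 -noout -issuer -nameopt RFC2253 |
    sed -n 's/^issuer=.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the chain in $1 ends at the root CN given in $2.
chain_ends_at() {
  [ "$(chain_top_issuer "$1")" = "$2" ]
}

# Build a constructed leaf + cross-signed-root chain in directory $1,
# so the check can be tried offline (throwaway keys, made-up names).
make_constructed_chain() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Old Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Cross-Signed Root" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -days 1 -CAcreateserial \
    -CA "$d/root.pem" -CAkey "$d/root.key" -out "$d/int.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -days 1 -CAcreateserial \
    -CA "$d/int.pem" -CAkey "$d/int.key" -out "$d/leaf.pem" 2>/dev/null
  cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# Usage: sh check_chain.sh /etc/letsencrypt/live/<domain>/fullchain.pem
if [ $# -ge 1 ]; then
  if chain_ends_at "$1" "${2:-DST Root CA X3}"; then
    echo "OK: chain ends at ${2:-DST Root CA X3}"
  else
    echo "Chain ends at: $(chain_top_issuer "$1")" >&2
    exit 1
  fi
fi
```

If the script reports "ISRG Root X1" instead, the renewal did not pick up the preferred chain and old Android devices will still fail to validate it.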