Let's Encrypt & iTunes podcasts
Update (April 2018): Apple appear to have fixed this in late 2016 - see this article from feed.press.
Two podcasts I run have disappeared from the iTunes podcast store. After a few baffling evenings spent debugging a rather frustrating “Can’t read feed” error, it turns out the problem is fairly simple.
The iTunes Store’s support for SSL is a bit disappointing, to say the least. To get a podcast into the iTunes store, you need to make sure your SSL set-up is supported by Java 6. That means:
- No SNI support;
- No support for more than 1024-bit DH parameters.
Note that neither of the above is required for iTunes itself to add your podcast manually via the URL - it’s just the backend of iTunes which appears to be seriously limited. The latter is particularly annoying - reducing the security of my sites just to placate iTunes.
Sadly, downgrading to 1024-bit DH parameters didn’t help me in the slightest. I’d now got a valid Java 6 set-up, but still I couldn’t submit my podcast to the iTunes store.
The advice from Apple when I reported the problem (via podcastsupport@apple.com), though more responsive than I’d hoped, came in two parts:
> The use of SSL within an RSS feed URL can cause errors, so please remove if possible to successfully submit this feed.
I didn’t fancy removing SSL from my site just for the sake of iTunes (and given the set-up of my site, removing it just from the podcast would be difficult), so I pushed back a little, and then received this:
> At this time, SSL certificates from Let's Encrypt are not supported.
> Consider an SSL certificate from a different organization. Podcasters have found the following certificates work well:
> https://www.godaddy.com/ssl/ssl-certificates.aspx
> http://www.symantec.com/ssl-certificates
Here’s hoping this situation doesn’t last long.