Browser gives error, can't find why

Hello everyone,

I use Certbot since 2017 without issues, but yesterday one of my new customers noticed a certificate error on my website https://www.thalasso-saintmalo.com.

Here is the screenshot he has taken (on Win10 Edge):


Error is DLG_DLAGS_INVALID_CA DLG_FLAGS_SEC_CERT_CN_INVALID

I can’t reproduce the error on any device. and the test https://www.ssllabs.com/ssltest/analyze.html?d=www.thalasso-saintmalo.com&hideResults=on gives an A+ grade.

After that I made him test other websites on his browser:

He said the error also appears on Chrome, Firefox, IE.
The “invalid CA/CN” error should be detected by the tests, and I don’t see any problem here.

What is going on? I don’t know where to start, any idea of the error?
Thank you very much


My domain is: thalasso-saintmalo.com
My web server is (include version): nginx/1.11.9
The operating system my web server runs on is (include version): Debian8
My hosting provider, if applicable, is: self hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.34.2

Hi @nicomollet

I don't see a problem - https://check-your-website.server-daten.de/?q=thalasso-saintmalo.com

The site has a Grade E - not perfect, but the certificates are correct:

The certificate is good:

CN=thalasso-saintmalo.com
	22.04.2019
	21.07.2019
expires in 53 days	
thalasso-saintmalo.com, www.thalasso-saintmalo.com - 2 entries

there is no chain error

Chain (complete)	
	1	CN=thalasso-saintmalo.com
	2	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US

and no mixed content warnings.

Looks like your customer uses a firewall or an anti-virus-software, that creates an own, self signed certificate. That's a man in the middle. Perhaps Letsencrypt is defined as exception.

What's the Certificate Authority of that certificate in the screenshot?

Hello @JuergenAuer

Thanks a lot for your help.

I managed to get the certificate viewed by my customer.
certificat
It sees “aquatonic.fr”, FYI it is a website I also own and have a Letsencrypt cerificate and is on the same webserver, with same IP.

The CA is Cyberoam, which is unknown to me, looks like a firewall technology.

How can the firewall interfere with my certificate?
Thank you

1 Like

That's not from Letsencrypt. Check the third tab.

Should look like

cert

So it's a special problem of that customer, not a general problem of your domain.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.