Checking my domain looks like we're using the correct root cert, but our client have trouble connecting to our API, and Postman fails on the domain as well.
Is it something we can fix ourselves, or need our clients to update?
We'd need to know more about your clients -- what operating system, what program, what version, etc.
It's their own server, so I don't know.But I know that it fails in Postman on Windows 11 beta and also Postman on latest osx version.
I just need to confirm if it's an issue with my certificate or? 
SSL Labs only check on port 443.
You mention
Which ports are those running on?
Have you checked that they too are using the correct chain?
1 Like
Can you show the certificate that is being presented?
A post was merged into an existing topic: Help thread for DST Root CA X3 expiration (September 2021)
I did all windows suggestions from this topic, any of them solve all the devices, deleted all X3 and R3 expired certificates, generate new certificates, restarted IIS, restarted server and changed the Preferred Issuer to "ISRG Root X1". Can't make it work on Windows 7. The same website works on others devices and show different certificate chain.
Clear cache and reboot Win7 PC.
19 posts were merged into an existing topic: Help thread for DST Root CA X3 expiration (September 2021)
Yes, thank you.
Let me check on that name...
The web server is not providing any chain:
---
Certificate chain
0 s:/CN=design.aishowhouse.com
i:/C=US/O=Let's Encrypt/CN=R3
---
1 Like
Thanks for your response! I can't figure out how to test my chain other than ssllabs. The domain is question is app.kreditdata.dk
There are other sites that allow you to check IP:port
And there is also OpenSSL
Which service is giving you trouble?
[I think the web site should be fine now]
From what I can see:
curl -Iki design.aishowhouse.com
HTTP/1.1 308 Permanent Redirect
Server: openresty/1.15.8.1
it's running on openresty
which is based off nginx
[I personally don't use it but]
I would try looking for your vhost config file in
/etc/nginx/
Our client is getting errors when doing POST to that domain, and doing either post/get from postman (just to root domain) gives ssl expired error
Port 25? 465? 587? 993?
I'm not psychic - help me out! - LOL
Sorry 
no specific port, so I guess it's 443 when SSL
That is strange...
I do see the expected chain:
---
Certificate chain
0 s:/CN=www.cevaz.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Same as:
---
Certificate chain
0 s:/CN=community.letsencrypt.org
i:/C=US/O=Let's Encrypt/CN=R3
1 s:/C=US/O=Let's Encrypt/CN=R3
i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Can you use Win7 Chrome 94 to get to (this site)?:
https://community.letsencyrpt.org/
Windows builds that path for you - it isn't always what the server is sending.
You can't force it - your web server can offer it / suggest it.
But ultimately the client/software decides what it wants to do./build/see/use.
You said "POST"
But I'm not sure if you mean "e-mail" or an HTML POST request.
I mean http post request. But if I just dk a GET to the domain in postman, no port defined, I get the error.