Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version): Windows Server 2016 DataCenter Edition
My hosting provider, if applicable, is: Contabo
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian
Hello, I am writing here again an entry related to kiseni.com . Apparently there is a problem with the wildcard certificate of Lets Encrypt. As soon as I call up my domain I get the error described in the title. According to SSLChecker the certificate and the chain is correct.
The certificate path appears correct and the site loads properly on my system. You should check your computers trust store and ensure ISRG Root X1 and DST Root CA X3 appear there.
Also verify against a computer on a different network, there is a possibility some sort of ssl inspection or other network device is intercepting the connection. (This can also happen with some antivirus products)
No issues for me with loading the site. I suggest you clear your browser cache or test in a different browser. Happened to me the other day & I had to do that cause it was only happening in my Chrome browser.
Pull up the certificate details, that will provide more information about the problem. You should be able to click the “Not Secure” icon in the top left of the page next to the address bar (Not sure what it is in German though), Then click Certificate and provide the information there.
That's not a Let's Encrypt certificate (or a certificate from any publicly trusted CA).
This is 100% a guess, but "FGT60E4Q16019307" sounds like it could have been issued by a Fortinet FortiGate 60E. (Maybe "4Q16019307" is when it was manufactured and the serial number.)
Do you have one of those?
Is it configured to do HTTPS interception?
Are you sure your DNS records and hosts file are correct?
Yes we have a FortiGate in use, I just find it interesting that this error only occurs behind this firewall, so you can assume that this is not a problem of Lets Encrypt?
Correct, The FortiGate is intercepting the connection and because of this you see the certificate generated by the FortiGate, Which isn’t trusted on any device by default.
I don’t know much about FortiGate and have never used it but if you have access to manage it you should be able to disable that function, (I had a link here, but after reading it a second time I think it’s a simpler matter of just going into the inspection menu and turning off deep scan)