Every site using Lets Encrypt is not opening in my chrome

ersaurabh101 · October 6, 2021, 7:43am

Been 3 days, my systems and similarly 3 more systems of my clients are unable to open my apps on their PC.

All are in different cities using different internet. When we try to open, Network tab looks like this, it opens site without https

My domain is: https://sapphireprofits.com , https://noproxy.in

Both sites were having problem. We finally pin pointed that both are using lets encrypt. Then we tried https://ping.eu, it was also showing same problem as it is also using lets encrypt.

Browser tried: chrome, microsoft edge , mozilla [ in some pc it is working ok, in some even mozilla is also not working].

What do we do to solve this issue ??

Hosting provider is:: hostgator
Windows - 7, 2003 server

webprofusion · October 6, 2021, 7:48am

Trying installing the ISRG Root X1 certificate on a test machine to see if that helps:

browse to http://x1.i.lencr.org/ in order to download the .cer file for ISRG Root X1 (your browser may warn about the file type and you may need to click "Keep" to save the file)
open file, click "Install Certificate..", Choose default option "automatically select..", Next, Finish
Reboot
Test browser again.

If this works, you need to ensure that all of the machines you manage have this certificate installed.

rg305 · October 6, 2021, 7:54am

Hi @ersaurabh101 welcome to the LE community forum

The two sites mentioned resolve to different IPs and have two valid certs but each is using a different valid LE trust path.

---
Certificate chain
 0 s:CN = noproxy.in
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

---
Certificate chain
 0 s:CN = cpcontacts.qorder.co
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

If there are clients that can't see either of those two sites, then they surely need the "ISRG Root X1" cert added to their trust store.
Follow the instructions provided by @webprofusion above to do so.

ersaurabh101 · October 6, 2021, 8:00am

Yes noproxy.in is hosted on another server. sapphireprofits.com is on hostgator. ping.eu i am not aware, I mean no site with lets encrypt are opening.

"they surely need the "ISRG Root X1" cert added to their trust store." Where do we need to do this ?? How do we do this ???

rg305 · October 6, 2021, 8:02am

webprofusion · October 6, 2021, 8:13am

I'm assuming you are the IT administrator for a collection of IT systems. If you run 'certlm.msc' on your Windows 10 machine you will see the Windows certificate management UI.

You will see there is a section called Trusted Root Certification Authorities:

All of these are the "root certificates" your operating system trust. Each certificate authority has one or more root certificates it uses to issue trusted certificates. These certificates (for a website etc) are only trusted by systems which also know about the same "root certificate".

When your operating system trust store is out of date, it will gradually start to no trust various websites.

Your trust store is now out of date and needs to be updated with the latest root certificates.

You can install each one manually, or a way to do this automatically is to enable the windows feature for automatic updates: An automatic updater of untrusted certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

ersaurabh101 · October 6, 2021, 8:35am

Installed, Reboot the entire system, Same problem.

orangepizza · October 6, 2021, 8:37am

are they behind some firewall? fortigate had problem processing the cert, blocking it

ersaurabh101 · October 6, 2021, 8:41am

No, they are standalone user laptops, being used in work from home enviornment.

saleh · October 6, 2021, 8:48am

also, i have the same problem

ersaurabh101 · October 6, 2021, 9:08am

Problem resolved on windows 7.
update windows here: Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows - Microsoft Support

But what is the solution for server 2003 as there is no package available for that

rg305 · October 6, 2021, 4:21pm

If that is having a web client problem, I would try manually adding LE root certs.
If that is having a web serving problem, I would think it follows other IIS solutions posted in this forum.

system · November 5, 2021, 4:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Strange problem after september updates (IPSEC / revoked cert / let's enc chain) Help	4	535	November 3, 2021
Everywebsite that uses lets encrypt is broken form me Help	6	1517	November 2, 2021
[solved] Unable to access sites certified by Lets Encrypt .Windows 7 Help	8	10184	November 21, 2017
SSL Certificate error iis Help	17	7361	January 5, 2018
Your Connection to this site is not secure Help	2	1678	April 14, 2017

Every site using Lets Encrypt is not opening in my chrome

Related topics