Every site using Let's Encrypt is not opening in my Chrome

Been 3 days, my systems and similarly 3 more systems of my clients are unable to open my apps on their PC.

All are in different cities using different internet. When we try to open, Network tab looks like this, it opens site without https

My domain is: https://sapphireprofits.com , https://noproxy.in

Both sites were having the problem. We finally pinpointed that both are using Let's Encrypt. Then we tried https://ping.eu, and it was also showing the same problem, as it is also using Let's Encrypt.

Browsers tried: Chrome, Microsoft Edge, Mozilla [on some PCs it is working OK, on some even Mozilla is not working].

What do we do to solve this issue?

Hosting provider is: HostGator
Windows - 7, 2003 server

Try installing the ISRG Root X1 certificate on a test machine to see if that helps:

  • browse to http://x1.i.lencr.org/ in order to download the .cer file for ISRG Root X1 (your browser may warn about the file type and you may need to click "Keep" to save the file)
  • open file, click "Install Certificate..", Choose default option "automatically select..", Next, Finish
  • Reboot
  • Test browser again.

If this works, you need to ensure that all of the machines you manage have this certificate installed.


Hi @ersaurabh101, welcome to the LE community forum.

The two sites mentioned resolve to different IPs and have two valid certs but each is using a different valid LE trust path.

---
Certificate chain
 0 s:CN = noproxy.in
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---

---
Certificate chain
 0 s:CN = cpcontacts.qorder.co
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---

If there are clients that can't see either of those two sites, then they surely need the "ISRG Root X1" cert added to their trust store.
Follow the instructions provided by @webprofusion above to do so.

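Why both chains quoted above depend on ISRG Root X1 being in the client's trust store, as an added example (not part of the original post and not Let's Encrypt tooling): it parses the two chain listings and follows issuer names from the leaf until it reaches a name in `trusted_roots`, a hypothetical set of root CNs standing in for the client's root store. It matches names only and performs no signature, validity-period or revocation checks.

```python
import re

# Constructed sample input: the two chain listings quoted in the post above.
CHAIN_LONG = """\
Certificate chain
 0 s:CN = noproxy.in
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""
CHAIN_SHORT = """\
Certificate chain
 0 s:CN = cpcontacts.qorder.co
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
"""

def parse_chain(text):
    """Return [(subject_cn, issuer_cn), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(?:\d+\s+)?([si]):(.*)$", line)
        if not m:
            continue  # header and '---' separator lines
        cn = re.search(r"CN\s*=\s*(.+?)\s*$", m.group(2))
        name = cn.group(1) if cn else m.group(2).strip()
        if m.group(1) == "s":
            subject = name
        elif subject is not None:
            chain.append((subject, name))
            subject = None
    return chain

def find_anchor(chain, trusted_roots):
    """Follow issuer names from the leaf; return the trusted root reached, or None.
    trusted_roots is a hypothetical set of root CNs; names only, no crypto checks."""
    issuer_of = dict(chain)
    current, seen = (chain[0][0] if chain else None), set()
    while current in issuer_of and current not in seen:
        seen.add(current)
        if issuer_of[current] in trusted_roots:
            return issuer_of[current]
        current = issuer_of[current]
    return None

if __name__ == "__main__":
    print(find_anchor(parse_chain(CHAIN_SHORT), {"ISRG Root X1"}))
```

With an empty `trusted_roots` neither chain reaches an anchor, which matches a client whose root store has none of the names in the listings.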

Yes, noproxy.in is hosted on another server. sapphireprofits.com is on HostGator. ping.eu I am not aware of; I mean no sites with Let's Encrypt are opening.

"they surely need the "ISRG Root X1" cert added to their trust store." Where do we need to do this? How do we do this?

I'm assuming you are the IT administrator for a collection of IT systems. If you run 'certlm.msc' on your Windows 10 machine you will see the Windows certificate management UI.

You will see there is a section called Trusted Root Certification Authorities:

All of these are the "root certificates" your operating system trusts. Each certificate authority has one or more root certificates it uses to issue trusted certificates. These certificates (for a website etc.) are only trusted by systems which also know about the same "root certificate".

When your operating system trust store is out of date, it will gradually start to not trust various websites.

Your trust store is now out of date and needs to be updated with the latest root certificates.

You can install each one manually, or a way to do this automatically is to enable the Windows feature for automatic updates: An automatic updater of untrusted certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2


Installed, rebooted the entire system, same problem.

Are they behind some firewall? FortiGate had a problem processing the cert, blocking it.

No, they are standalone user laptops, being used in a work-from-home environment.

Also, I have the same problem.

Problem resolved on Windows 7.
Update Windows here: Support for urgent Trusted Root updates for Windows Root Certificate Program in Windows - Microsoft Support

But what is the solution for Server 2003, as there is no package available for that?

If that is having a web client problem, I would try manually adding LE root certs.
If that is having a web serving problem, I would think it follows other IIS solutions posted in this forum.
