Google Chrome Warning!

Inyourbox · April 22, 2016, 11:52pm

Hello,

I have just installed Let’s Encrypt onto my NGINX server using the Webroot Plugin.

I have successfully obtained a certificate, however when I click on the green padlock on Chrome and click “Connection”, Chrome displays a message saying “Stop using an invalid certificate.”

Is this normal?

Thanks,
Ashley.

pfg · April 23, 2016, 12:00am

No, that shouldn’t happen. Try SSL Labs on your domain and see if any issues are reported (I’d take a close look at any certificate chain issues it might report - you might have pointed your nginx configuration at cert.pem instead of fullchain.pem.)

If that doesn’t get you anywhere, it might help to share your domain name as well as your web server configuration and the client OS.

tialaramex · April 23, 2016, 2:44am

Usually “Stop using an invalid certificate” is not a “message” but a button that lets you do what it says. This button appears if you have previously told Chrome that you don’t care about a security problem (for example, you were using a self-signed certificate on that site) and you can press the button if you decide you do care after all.

If you’ve got Let’s Encrypt set up properly for your site you should be able to press this button without any problems.

Inyourbox · April 23, 2016, 9:28am

Thanks for everyone’s help.

I tried pressing the “Stop using an invalid certificate.” but unfortunately this didn’t stop the button from appearing. I also noticed that the first domain on the certificate was not displaying the button but the second domain on the certificate was.

So I decided to generate a strong Diffie-Hellman group with the following command:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

And then added this into my server block:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;

I then reloaded and restarted NGINX and the button from Google Chrome finally disappeared. So as far as I can see, everything must be installed and configured correctly with Let’s Encrypt. This also upgraded my rank on SSL Labs to A+.

Topic		Replies	Views
Google Chrome error code Help	21	2154	August 16, 2018
Let's Encrypt cert works in Chrome, pops warning in Safari Help	6	7220	June 13, 2018
Let's encrypt certificate not seruce chrome? Help	4	3091	September 7, 2018
Chrome not accepting new cert Help	56	2544	November 26, 2023
Browser is complaining that my certificate is invalid, how to fix this? Help	13	785	March 22, 2022

Google Chrome Warning!

Related topics