Hello,

My domains are www.ekumen.net and www.ekumen.eu. Everything works on all browsers on my home desktop.
But on my laptop running on windows 7, only firefox is working well.
On google chrome, when I use one of these urls, I obtain this message : NET::ERR_CERT_AUTHORITY_INVALID
Same problem with Opera and IE.

I tried quite everything : empty the cache, stop the avast antivirus, reinstall chrome… Nothing changes.
This problem only appears on my laptop : I haven’t seen this problem on any browser on the other PCs.

What do you think I should do ?

Thanks

Hi @jps1

your certificate is correct:

CN=www.ekumen.net
	03.01.2019
	03.04.2019
	ekumen.net, www.ekumen.net - 2 entries

valide, with two domain names. Both connections use the certificate.

So:

Which Chrome-version is installed? If Chrome is too old, perhaps something is missing.

There should be a button "Detailed" or "Additional Informations". What's there?

Thank you, Jürgen. I have the latest Chrome version (installed this morning).

The details message is :
Can not verify on the server that this is the domain www.ekumen.eu, because its security certificate is not considered reliable by the operating system of your computer. This may be due to a misconfiguration or the interception of your connection by a hacker.

As Firefox uses it’s own certificate store and Chrome/IE the one of the Operating system, it may be a problem with windows. Or an antivirus doing a MitM. Is your windows up to date? Are your antivirus up to date?

A screenshot of the certificate may help: https://www.ssl2buy.com/wiki/how-to-view-ssl-certificate-details-on-chrome-56

certificat.jpg986×703 84.6 KB

Thank you, tdelmas (Thomas I suppose).
My Avast is up to date, but I cannot be sur that my windows 7 is OK.
I check this point and come back to you

Almost, Tom
Can you take a picture of the "Chemin d'acces de certification" tab? Merci!

Hi, Tom,

Here it is.

acces.jpg1010×660 61.6 KB

And a complement.

dst root.jpg1104×691 95.5 KB

So it doesn't seams to be a MitM, the chain seams to be correct.

Windows should trust DST Root CA X3... Somebody else seams to have the same problem [solved] Unable to access sites certified by Lets Encrypt .Windows 7 - #7 by wartburg

Can you check that: TLS connection to letsencrypt.org fails with Chromium and IE - #10 by rugk ?

It was caused by a setting I had modified. I disabled “Automatic Root Certificates Update ” (link 2 ) which is a technology of Windows to fetch missing root certificates from the Windows update servers to import them into the root certificate store.

And can you test that website too? helloworld.letsencrypt.org (just to be sure)

helloworld.jpg909×595 39.7 KB

Does not work either

Open the DST certificate.

Go to details. Save it in a file.

Then open the file, Windows should ask to import it.

It sounds like Windows hasn't been updated in quite some time.
Perhaps a "Windows Update" is in order.

Hello,
I finished to update completely my PC with the last windows 7 updates.
Still does not work.

Do you have a solution ?

You could manually import the root cert into the trusted roots…

That could be a good idea. Do you have a good one I could import ? And where should I copy it ?

It’s relatively easy in Windows.
Which browser are you using?
[The steps are somewhat different for each]

Probably simplest in Chrome, but generally:
While pointing at this very site, click the lock and view the cert.
Find the root cert (“DST Root CA X3”) and save it to a file.
(make sure it ends with .cer or .crt)
[It should look like the text below]
Double-click the saved file and install the cert into the “local machine”.
“Place … in the following store”
browse
“Trusted Root Certificate Authorites”

DST Root CA X3

-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

OK, I try that and reply to you !

Problem solved ! You are a champion !
Thank you very much !