NET::ERR_CERT_DATE_INVALID on one machine, but not another

Hi,

I've been developing a website and I've been working with NodeJS vs.18.1.0 with Socket.io and been having intermittent problems with the SSL certificate for the Node server (not the regular website running on port 80, the node server runs on port 3000.) Since Dreamhost doesn't provide me root access / file access to the certificate path locations I had to manually copy and paste the certificates into a key.key file and a cert.cer file for my server.js to refer to.

Here's the weird thing, on my mac laptop running BigSur I don't experience any certificate problems, everything works great. But, when I work on my iMac running Catalina I get this error message:

NET::ERR_CERT_DATE_INVALID error when it tries to connect. To troubleshoot thus far, I've tried reinstalling the certificate, I've emptied my cache, I restarted my node.js server. I've used completely different browsers on the machines. A clue I'm getting is that no matter what web browser I use on my laptop the certificate works fine, but no matter what web browser I use on my iMac I get the certificate error message. I'm completely baffled why on one machine it works perfect, on another it breaks. Any ideas?

Remember: the regular website certificate runs perfect. It's only the node.js running on port 3000 I get the error.

http://www.myipnotify.com:3000

My web server is (include version): Apache.

The operating system my web server runs on is (include version): Ubuntu 20.04.4 LTS

My hosting provider, if applicable, is: Dreamhost.com

I can login to a root shell on my machine (yes or no, or I don't know): No root access.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not using certbot.

Hi @nwood, and welcome to the LE community forum :slight_smile:

The cert.cer file seems to be using the cert.pem file.

Certificate chain
 0 s:CN = www.myipnotify.com
   i:C = US, O = Let's Encrypt, CN = R3

Try using the fullchain.pem file instead.

The FQDN has IPv4 and IPv6 addresses:

Name:      www.myipnotify.com
Addresses: 2607:f298:6:a087::d82:31f0
           69.163.205.205

But the IPv6 isn't responding to my requests on port 3000.
It does however respond on port 443 [and with a proper full chain].

Certificate chain
 0 s:CN = www.myipnotify.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

And so does IPv4:443

Certificate chain
 0 s:CN = www.myipnotify.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
1 Like