Observatory says that the site uses an untrusted certificate

Help
21

I have no idea which certificate they use.

22

Hm. Is any wrong with that certificate type? I have nothing changed. Netlify creates the SSL certificate itself.

1 Like
23

Can you share the URL to their site?

2 Likes
24

Do you mean my page? I talk about my page, not about theirsr.

1 Like
25

Theirs please.

3 Likes
26

Nothing is wrong with EC certificates, but some clients might not support them. (Very few, and very old)

4 Likes
27

I see the same error on the observatory whilst ssllabs gives me an A+ (not that it matters).

That what I am thinking too. Might try the short chain instead?

5 Likes
28

We can check using valid-isrgrootx1.letsencrypt.org:

That one is valid. Test for letsencrypt.org itself returns an error. Probably DST Root X3 issue.

5 Likes
29

Yet with https://valid-isrgrootx2.letsencrypt.org/ we get this issue.

https://tls-observatory.services.mozilla.com/static/certsplainer.html?id=188777607

2 Likes
30

Weird, the explainer sees ISRG Root X1 as a proper root, due to the red dot (HELLOOOO COLOUR BLIND PEOPLE!), so what's wrong with this one? Without proper verbosity, it will remain a mystery...

5 Likes
31

Has anyone tried with any other FREE CA?

4 Likes
32

Btw, this is also true of RSA certificates with SHA256 signatures.

If you want overkill compatibility you have to find a CA willing to sign a certificate using the older and not very safe SHA1. (And I'm not even sure if the CA/B BR allow that. -- it looks like they don't)

4 Likes
33

Not me, I'm too cheap! :rofl:

4 Likes
34

Hey Osirisā€¦ Thatā€™s right, but I canā€™t explain it better. What do you want to know?

I set up a DNS redirection from ā€žStratoā€œ to Netlify

I only use the certificate from netlify and Hosted directly from my GitHub repo.

I have one subdomain named app.todaysordersystem.com

I use firebase as SaaS backend.

I donā€™t have more information, or do you need any other information?

Ps: I have absolutely no experience with SSL certificates.

Please be gentle, Iā€™m just a stupid student from a bad university in Germany :joy::joy:

2 Likes
35

What you need to know is that your website is working fine.

If somebody cannot visit it, it's most likely a client issue.

3 Likes
36

no, you do not. www.app.todaysordersystem.com is a different subdomain.

3 Likes
37

Thanks @9peppe. If itā€™s a problem from Firefox, I will wait until they fix it.

@Osiris if itā€™s a way to help you to help me to fix fix it, Tell me. I really appreciate your help.

2 Likes
38

We don't know what you're seeing. What would you like to fix?

3 Likes
39

I'm also not sure what requires fixing. The Firefox Observatory seems to be broken, unrelated to your website.

4 Likes
40

I think this is my answer. Sorry for struggling and many thanks for your help!

4 Likes