Privacy Error Flag on let's encrypt protected sites since May 25, 2018


#1

Hello Everyone.

I use the free let’s encrypt service thru Dreamhost.com

Since May 25, 2018, all my sites using let’s encrypt ssl certificates are now displaying ‘Privacy Error’.
Even your sub domain, community.letsencrypt.org is flagged with privacy error too.

I think it is caused by the new GDPR regulations.

Can someone help me know how to correct this problem?

One of my sites is Https://forpetowner.com running on PHP 7.0

Thanks


#2

What is the exact “privacy error” and what program does it come from? Is it Google Chrome saying “This connection is not private”?

Your site loads fine for me and SSLLabs.com gives it an A grade so this is probably an issue with the client machine and not your server.


#3

Thanks for reaching out this quick.

Mozilla and Chrome do flag my sites with privacy error.

They also flag this same site community.letsencrypt.org with privacy error too.

What is going on?


#4

In Google Chrome when you get a privacy error it shows small gray text under the main error that says NET::ERR::something. If you double-click on that it will open up a box that contains some extra information we can use to debug this issue. Please copy and paste the contents of this box here.


#5

It says

NET::ERR_CERT_AUTHORITY_INVALID


#6

Please show the cert chain in use and where it becomes invalid.


#7

NET::ERR_CERT_AUTHORITY_INVALID
Subject: forpetowner.com

Issuer: bspa.inc

Expires on: Aug 10, 2018

Current date: May 28, 2018

PEM encoded chain:


#8

That cert was not issued by LE:


Do you have access to
/etc/letsencrypt/renewal/<cert name>.conf

Maybe it was issued by a test staging system… ? ? ?


#9

As aforementioned, I use the LE thru Dreamhost. I think it should be issued by LE.

What can I do?

What about this community? Did it normally have an ssl certificate or what?


#10

I don’t know whether I do or not. How do I verify, please?


#11

Speak to DreamHost - it obviously wasn’t issued by LE.

Yes, please show the cert chain that you see with the error.
I see this:


#12

NET::ERR_CERT_AUTHORITY_INVALID
Subject: community.letsencrypt.org

Issuer: bspa.inc

Expires on: Jul 1, 2018

Current date: May 28, 2018

PEM encoded chain:


#13

There is a MAN-IN-THE-MIDDLE
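
The reasoning behind that conclusion, as an added example that is not part of the original thread: two unrelated sites presenting certificates from the same unexpected issuer points at interception on the client's network path rather than a fault on either server. The input is the text of Chrome's error-details box as posted above; the expected issuer name and the helper names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Text of Chrome's error-details box as posted in this thread (PEM chain omitted).
REPORTS = [
    """NET::ERR_CERT_AUTHORITY_INVALID
Subject: forpetowner.com
Issuer: bspa.inc
Expires on: Aug 10, 2018
Current date: May 28, 2018""",
    """NET::ERR_CERT_AUTHORITY_INVALID
Subject: community.letsencrypt.org
Issuer: bspa.inc
Expires on: Jul 1, 2018
Current date: May 28, 2018""",
]

# Assumption: issuer name expected on a Let's Encrypt certificate in 2018.
EXPECTED_ISSUERS = {"Let's Encrypt Authority X3"}

FIELD = re.compile(r"^(Subject|Issuer|Expires on|Current date):\s*(.+?)\s*$", re.M)
ERROR = re.compile(r"^NET::(ERR_[A-Z_]+)\s*$", re.M)

def parse_report(text):
    """Turn one pasted error-details box into a dict of its fields."""
    fields = {k.lower(): v for k, v in FIELD.findall(text)}
    m = ERROR.search(text)
    fields["error"] = m.group(1) if m else None
    return fields

def registrable(host):
    """Crude last-two-labels grouping; enough to tell unrelated sites apart."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def interception_suspects(reports, expected=EXPECTED_ISSUERS):
    """Return {issuer: sorted sites} for unexpected issuers seen on 2+ unrelated sites."""
    seen = defaultdict(set)
    for r in map(parse_report, reports):
        issuer, subject = r.get("issuer"), r.get("subject")
        if issuer and subject and issuer not in expected:
            seen[issuer].add(registrable(subject))
    return {i: sorted(s) for i, s in seen.items() if len(s) >= 2}

if __name__ == "__main__":
    for issuer, sites in interception_suspects(REPORTS).items():
        print(f"{issuer!r} signed certificates for unrelated sites: {sites}")
```

A single report with an unexpected issuer returns nothing here by design: one bad chain can still be a server misconfiguration, and it is the repeat across unrelated sites that implicates the network.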


#14

Oh No!

What do I do?


#15

Corporate big brother is watching…
“SSL Inspection”
Who is BSPA INC ? ? ?
Is your system using a rogue proxy ? ? ?


#16

I have no freaking idea.

I do not use any proxy either.


#17

Whose network are you on?


#18

I have a monthly internet subscription to our local telephone network - MTN Cameroon.


#19

Give them a call and ask them why your SSL connections are being intercepted.
Probably all their clients are being affected.

In the interim, do not treat any site you go to as secure.
Treat it like a public kiosk pc - use at your own risk !

If you have access to VPN through a secure point, that may overcome the prying eyes…


#20

How convenient!

Just when I am about to launch my startup, my website’s SSL is taken down by something.
We have had political issues in the country and I think it may be the national big brother.

Please I really need help. How can I get back my SSL?