My cert will not expire until 11/11/21 However Im getting the R3 Error below. Please advise on what I need to do to fix this error. I also believe I have a redirect as well, does that impact anything? Thank you. My domain is: tigeowners.com My web server is :Bitnami LAMP 7.3.15-0 running on an AWS…

This thread describes the situation @Osiris pointed out and shows how to correct it for Apache [image] Invalid cert when accessing from Android 6 Help H…

That's probably because your server does not send any intermediate certificate(s), but just the end leaf cert: --- Certificate chain 0 s:CN = tigeowners.com i:C = US, O = Let's Encrypt, CN = R3 --- That's bad and can lead to unexpected results, as you're seeing now. If you've used a tutorial …

@MikeMcQ Please note that Bitnami stacks often don't use the regular Apache locations and/or configurations, so generic Apache instructions probably won't work directly, but need some "translation" to Bitnami.

It's the place to ask... :man_dancing: [image] Bitnami Community Bitnami Community site

Probably (the browser is) using the cross-signed R3 signed by DST Root CA X3 . Edit: Yup. I see it in the tree in the certificate screenshot.

[image] griffin: Probably using the cross-signed R3 signed by DST Root CA X3 . Edit: Yup. I see it in the tree in the certificate screenshot. Nope, earlier it wasn't sending any intermediate, see my post above. Currently however, the default certificate chain is being send: --- Certificate…

[image] Osiris: Nope, earlier it wasn't sending any intermediate, see my post above. I clarified to specify the browser. :wink:

Sneaky ninja edit! Yeah I don't really understand why and how browsers are still using that intermediate, even if it's not send by the server? Maybe cached from a different incorrectly configured server? It's got to come from somewhere.

[image] Osiris: Maybe cached from a different incorrectly configured server? It's got to come from somewhere. It could also have been cached from a correctly configured server that was visited two weeks ago. Not sure how long these caches live.

[image] griffin: It could also have been cached from a correctly configured server that was visited two weeks ago. Two weeks? You mean five months? The R3-signed-by-DST Root CA X3 hasn't been in use since May this year :wink:

It expired on September 29. GoDaddy was using it as recently as a month ago. Just because Let's Encrypt stopped including it doesn't mean it stopped being used. :grin:

R3 Cert Expired

Help

MikeMcQ October 12, 2021, 5:40pm 3

This thread describes the situation @Osiris pointed out and shows how to correct it for Apache

Topic		Replies	Views
R3 intermediate certificate has expired, how to renew it with cert-bot renew Help	10	7382	November 2, 2021
R3 certificate expired — macOS Help	8	9330	October 30, 2021
R3 Intermediate certificate has expired Help	133	36872	November 1, 2021
Can some one explain how renewal expiration of R3 works? Help	26	3275	October 31, 2021
All my Google Cloud sites are down due to expired R3 certificate Help	9	1713	November 5, 2021

R3 Cert Expired

Related topics