Hi, I created a Lets Encrypt certificate with the alternative chain a few days ago. Then my application, the Seafile Client / Windows 10 reported an invalid certificate. After I created a new certificate with the new default chain, the client reported no problems with the certificate. With the n…

It wouldn't surprise me. :slightly_smiling_face:

I have already contacted Seafile and received the answer that the Seafile client use the system certificate store. But if this is the case, then this should also work with the alternative chain, or am I wrong here? But since it throws an error with the alternative chain, I will probably also get a…

Well my website is https://hp-67.com/ And here are 2 views of the certificate chain: certsplainer: x509 certificate viewer SSL Security Test | Scan Web and Email Server SSL TLS STARTTLS Encryption If the web browser doesn't think ISRG Root X1 is the end of the chain but believes that DST Root CA…

The web browser (Firefox) is not the problem, this one did not throw an error with the alternative chain, it was just the Seafile client. But as far as I know browsers like to use their own certificate store...

Yes the Roots of Trust (i.e. the CA's [ Chain of Trust - Let's Encrypt ](Chain of Trust)) for the Certificates are store in most modern web browsers.

Also search for DST Root CA X3; and find like these 2. Help thread for DST Root CA X3 expiration (September 2021) IdenTrust DST Root CA X3 expiry

Yes, I have already seen these two threads, but they are rather general. Windows 10 should have the ISRG Root X1 in the certificate store according to this list. Certificate Compatibility - Let's Encrypt The main determining factor for whether a platform can validate Let’s Encrypt cer…

hmm root lazyload problem? can you open a isrg root x1 site with ms edge and try seafile again?

From my point of view it depends on what the browser takes as the Root Certificate, as ISRG’s “ISRG Root X1” is both (at the moment) an Intermediate and Root Certificate. If the browser takes it as the Root Certificate, then you should be good. If the browser takes it as an Intermediate Certifica…

Again, the browser is not my problem, my problem is the the seafile client, which is a desktop application, for e.g. Windows10. Or am I missing something?

Seafile client DST Root CA expiry

Help

Bruce5051 September 23, 2021, 1:11am 7

Also search for DST Root CA X3; and find like these 2.

Help thread for DST Root CA X3 expiration (September 2021)
IdenTrust DST Root CA X3 expiry

Topic		Replies	Views
DST Root CA X3 expiry countdown ISRG/Organizational	103	10280	May 23, 2022
Help thread for DST Root CA X3 expiration (September 2021) Help	720	168617	November 3, 2022
Should I add both DST Root CA X3 and ISRG Root X1 intermediates? Server	23	12662	September 6, 2018
Mozilla's certificate bundle is out of date Help	38	5693	October 8, 2021
Understanding DST Root expiry and the older default cert chain Help	36	3708	December 8, 2021

Seafile client DST Root CA expiry

Related topics