Hi, some customers are trying to access to my website and they see the common message saying the site is not secure. The certificate SSL is installed correctly and it didn't expire.
Searching in Google, I read it is related a root certificate that was renewed some weeks ago.
Someone could help me? What steps should I do on the server to don't show that error message to my customers? Or what steps should my customers do in their browsers to don't get this error message?
please share your domain.
I can't reproduce the issue. However, some customers can't access.
@asipicki Your IIS server is sending the "short chain". You should review these two topics for an explanation of your options
If you have other clients having problems that these do not explain please post more info about them - the kind of clients, their versions and so on.
Thanks for your reply.
Is there a way to change the let's encrypt configuration for sending the long chain instead of the short chain?
@asipicki Windows IIS will create its own chain so you need to work with that. If you were using a different server like Apache or nginx you can specify which chain to send easily. I do not know much about IIS so all I can offer is the link I already provided about IIS that has two IIS experts (@webprofusion and @rmbolger) helping someone else with a similar problem.
Your site is properly serving the short "alternate" chain which should be valid for just about everything except old Android devices. So if the users who are having trouble are not using old Android devices, switching chains to the long "default" chain won't fix them.
Do you know what software/OS/browser/device the problem users are using?
They are using Windows 7 Service Pack 1 with the latest Chrome version.
I can't ask him to upgrade the SO but I could ask him to use another browser. Do you know what browser could be compatible using that SO?
Firefox will work out of the box.
However, Chrome should work just fine on Win 7. If Chrome has issues, this is an indication that the OS (Windows) has not loaded ISRG Root X1 for some reason. This should have been done automatically for Windows users.
For systems where this failed, it is possible to install ISRG Root X1 manually. Once that is done, Chrome should work again (with all Let's Encrypt certified sites).
Thanks! I will ask to the customer to try this!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.