Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Hi, I have installed ssl encrypt
In Mozilla and Chrome browsers, the computer version works properly and there is no problem, but unfortunately in the mobile version of Mozilla and Chrome browsers, the error is invalid.
error in google Chrome is:
Your connection is not private
Attackers might be trying to steal your information from www.shargher.ir (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
error in Mozilla firefox is:
This Connection is Untrusted
You have asked Firefox to connect securely to www.shargher.ir, but we can't confirm that your connection is secure.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
Not only did I clear my phone's browser cache, but I logged in with another phone I had not used before and it had the same problem.
I do not have a problem with the computer and the problem of the mobile version of Chrome browser was also solved, but the Mozilla browser version of the phone still exists and considers this ssl invalid.
I can't duplicate this on my iPhone; the site loads without issues. ssllabs.com doesn't show any relevant problems either (there are some issues, like that you support TLS 1.0 and 1.1, but those wouldn't cause what you say you're seeing). I suspect this is something with the network you're using for the mobile device.
That server is sending the 'short chain' which is not compatible with older Android clients. What version of Android are you using on the remaining system with a problem?
The 'short chain' is not the default chain from Let's Encrypt so you must have chosen that for some purpose. Here is more background on the long and short chains. This forum site for example uses the long chain.
UPDATE: @hassanjf Oh, I just realized your server is IIS. That chooses your chain for you. Still, the above applies and what version of Android is causing a problem?
Yes, that is a known problem with the 'short chain'. It will not support secure connections with older Android versions. See the link I provided earlier.
There are some threads about what to do with Windows IIS and the short chain but I do not have them handy. Maybe another volunteer can provide further advise. Or, I might have time later today to look.
I found one of the older threads that I have given to people before. If that does not help you will have to wait for a Windows expert like griffin alerted or @rmbolger who also commented in the below thread
Thanks @MikeMcQ. The workarounds in that thread are still relevant and remain the only way to force Windows to serve the long chain that I know of.
However, wasn't one of the original workarounds to the lack of old Android support supposed to be switching to a mobile browser like Firefox that didn't use the underlying OS's trust store? And if so, shouldn't it be working on @hassanjf's device since he's using "Mozilla" (unless it's just a really old version of the browser app maybe)?
Yes, that was my understanding too that Firefox would still work. I was not sure what they meant by Mozilla either but since I could not advise on what to do about IIS anyway I cried for help
To cut a long story short, if you need to support the widest range of clients (old versions of android etc) it basically easiest to use ZeroSSL instead of Let's Encrypt. This is because their root certificate is still trusted on older operating systems (it expires in 2029 I think).
