Stackoverflow showing outdated LetsEncrypt certs. Why?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I'm constantly getting outdated LetsEncrypt certs from Stackoverflow and can't access the website. Seems like it's more of a forum related to developing web using LetsEncrypt but I also thought this is where people would know the best.

I don't know what triggered this but from today, Stackoverflow is keep showing an outdated certificate that is automatically banned by Chrome. I can't access to any of Stackoverflow & sibling sites. It's only happening on my PC and my laptop, second PC can access to Stackoverflow and see right certs. Makes me worry about possible malware.

The bad cert Stackoverflow shows some different property compared to the right one:

  • valid date has been expired. It's valid from Oct ?, 2020 ~ Jan 3, 2021
  • Certificate's serial number hash was different
  • Certificate's issuer was slightly different. The right one said: CN=R3, O=Let's Encrypt, C=US but the bad one says: CN=Let's Encrypt authority x3
    (This is the major reason why I'm asking on this community.)

What's going on? I can't connect to Reddit either and I think there's some relation to this issue.
I initially erased Chrome's cache and it went away but shortly after it came back. It's again not working.

1 Like

Hi @helpcert

that's the old Letsencrypt intermediate certificate.

First step: Clean your browser cache.

Second: Compare the ips.

ping stackoverflow.com

from your working and from your not working system. IP addresses should be the same.

So you have a local problem.

Old / expired hosts entry? Happens :wink:

3 Likes

Like @JuergenAuer said, this is likely because your browser cached the old certificate and isn't loading the new one.

Usually to solve this, I use the following order:

  • hold shift while pressing reload
  • restart browser
  • hold shift while pressing reload, on restarted browser
  • clear browser cache
2 Likes

While this is a possibility, there is also legitimate security software you could be running that has the capability to intercept your web traffic as well.

2 Likes

Hi Juergen,

Thanks for a very reassuring answer. As you suggested, I erased all cache & cookies for the last 7 days and it is now resolved. (previously I only erased cookies)

Good to know that this kind of incident can happen from time to time and not particularly a sign of a security breach. It was starting to get scary af.

Have a good day and stay healthy!

1 Like

Holding shift didn't solve the problem though. What does holding shift and pressing reload do? You mean refresh when you said reload right? i.e, Shift + F5

Nevertheless, the problem is fixed. :slight_smile:

1 Like

Dear Juergen,

Sorry for the frequent post but the problem is not going away even though I flushed the past 7 days cache /cookies on Chrome.
This is not only happening on Chrome but also on FireFox, Edge, and other browsers. None of them can access to StackOverflow on this machine.

Could it be a different problem then? Feels like some cert related file in my PC is causing the problem.

Is this even possible? I opened up Stackoverflow simultaneously on two different browsers and one says it has valid cert and the other says it doesn't.

FYI, I installed two Chromes. Can this be a possible culprit? :thinking:

I am facing the same issue.
Edit: it was caused by the goodbyedpi program, removing it solved the problem.

3 Likes

If you have an "anti-virus software" with a deep inspection, such things are possible.

Thanks sharing that result :+1:

3 Likes

The certificate from the screenshot on the right is the previous certificate of stackoverflow, which was renewed on December 3rd, its current certificate and which you can see on the left.

It's indeed very strange why the right browser persists in showing the old certificate. All four the IP addresses I get for stackoverflow.com result in the same valid certificate.

Do you have the same IP addresses when you resolve stackoverflow.com?:

stackoverflow.com.	3600	IN	A	151.101.65.69
stackoverflow.com.	3600	IN	A	151.101.1.69
stackoverflow.com.	3600	IN	A	151.101.129.69
stackoverflow.com.	3600	IN	A	151.101.193.69
1 Like

Did you delete the cache on the 2nd Chrome and the Firefox browser as well as your first Chrome where it seemed to have worked?

1 Like

Yes I did. I deleted all cache + browser history + cookies on 1st Chrome and 2nd Chrome.
However as I stated above this DID NOT solve the problem.

I erased the 2nd Chrome and thought it solved the problem but apparently, the more likely cause is goodbyedpi as @Trojaner suggested. I have always opened that program when this happened, too.

2 Likes

@Trojaner, I think that is the most likely cause of the problem. As you suggested I also use goodbyedpi program and it was always kept open during the incidents.

I thought the problem was with the 2nd Chrome installed but I think that was a false causation.

Thanks for sharing a solution!

ERR_CERT_DATE_INVALID Stackoverflow
just leaving key error messages for a better SEO

2 Likes

Linking related goodbyedpi issue here: https://github.com/ValdikSS/GoodbyeDPI/issues/200

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.