Subset of Windows Users See Expired Let's Encrypt Certificates with `curl`

I'd suggest the following:

Browsing to https://valid-isrgrootx1.letsencrypt.org/ using IE (or IE mode) will prompt Windows to include ISRG Root X1 in its trust store automatically.

Where the trust store is not automatically updating they can manually install ISRG Root X1:

  • Browse to http://x1.i.lencr.org/ in order to download the .der file for ISRG Root X1 (your browser may warn about the file type and you may need to click "Keep" to save the file).
  • Open the file, click "Install Certificate..", Choose default option "automatically select..", Next, Finish
  • Reboot
4 Likes