My domain is: svn3.sliksvn.com
I ran this command: We run a Subversion hosting service over HTTPS (yes, Subversion still exists!) We are very happy with Let's Encrypt, but right now there are a few customers using TortoiseSVN (a Windows Explorer-integrated Subversion client) who are getting failures to validate the server certificate.
I installed a clean Windows 10 virtual machine and setup TortoiseSVN to investigate the problem myself, and I can reproduce it with latest, updated, Windows 10 and latest TortoiseSVN.
TortoiseSVN version and bundled libraries info:
TortoiseSVN 1.14.1, Build 29085 - 64 Bit , 2021/02/09 16:17:02
Subversion 1.14.1, -release
OpenSSL 1.1.1i 8 Dec 2020
As far as I know, TortoiseSVN bundles a new enough OpenSSL version to not exhibit the notorious validation issue.
It produced this output:
I'm not a Windows user, so I may be making mistakes, but it appears that the ISRG root is in my Windows' trust store. The DST root is also still there. I tried deleting the DST root, and disabling it, but this does not help the problem. The DST root seems to return anyway, so I cannot really delete it.
When I try to access the server using the default browser, the certificate is trusted correctly:
So, I am at a loss here for what could be wrong - and I'm fearing more customers running into this issue. So far, they have all been Windows users with TortoiseSVN.
My web server is (include version): Apache 2.4.49
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): acme_tiny.py
Any help would be appreciated so I can provide a solution for the users having validation trouble!