Unable to open our neurodisordersconference.com website since September, 30th on wards, by using LetsEncrypt SSL Free certificate ISRG RooT X1 version, which is not working in chrome and safari browsers as well

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: neurodisordersconference.com

I ran this command:

It produced this output: " Your connection is not private

Attackers might be trying to steal your information from neurodisordersconference.com (for example, passwords, messages, or credit cards). Learn more


My web server is (include version): apache

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot

@snvs I am able to view your site with modern browsers.

The default chain your server uses is the same as the one used by this website and has an expired DST Root CA X3. This was done to provide support for older Android clients. While helping those it has caused issues for others - mostly older other devices. The expiry of DST has itself caused issues for clients that do not trust the ISRG Root X1 even though it has been around since 2015.

Here are some options to address the clients you need to support.

  1. You could switch to the so-called 'short chain' that omits the DST cert which can be easily done with Certbot v1.12 or later. (losing best support for older androids).
  2. Instruct people with the error how to update their system to access any server using the chain with DST Root CA X3 or ISRG Root X1
  3. Switch to a different CA (Certificate Authority)

There are many threads in this forum discussing these topics. Here are a few to get you started. Also, it would be helpful if you could provide more details of the specific browser and operating system versions of the clients having trouble. As I noted, your site uses the same cert chain as this site and many people access this fine.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.