Websites started having issues with SSL certificate

Hello,

The two websites which are facing the issues are: lanla.pl , shebella.pl

I have been using let's encrypt for years now, 3-4 days ago on 2 of my website strange issues started happening. People who are trying to visit my page are getting SSL certificate errors.

For PC visitors who have avast, they are getting blocked by avast with "URL:blacklist" infection error, people who are trying to browse with android or google chrome mobile are getting errors like: NET:: ERR_CERT_AUTHORITY_INVALID or SSL_UNTRUSTED

My hosting company is trying to find out what the issue is but they are unable as everything with certificate seems to be fine.

I checked my websites via let's debug, virus total, and many other sites, everything seems smooth:

Cheers,
Lukasz

This has nothing to do with your certificate. Avast believes your site is compromised, you have to check that with avast (or clean up your site)

Your websites look fine to me.

• SSL Server Test: shebella.pl (Powered by Qualys SSL Labs)
• https://www.ssllabs.com/ssltest/analyze.html?d=lanla.pl

Something is probably intercepting connections to your website and serving an improper certificate. Please tell us what the name of the CERT_AUTHORITY in that error is. Click on "more info, show certificate" or something like that.

Maybe it's a coincidence but:

image1048×522 73.6 KB

Maybe you can report it to them: False Positive File Form.

Yes, I am aware that the issue started happening 4 days ago, today I sent requests to avast for them to check, it might take up to a few days to receive a response.

I am not able to replicate the error on my side, I am asking some other person to try and get it, however after clicking "more info" (number 1 inthe screen) it redirects to a page which shows mutiple ways of fixing it, but not a specific certificate name etc. Just a dozen of links on how to fix certain issues.

When clicking on "advanced" this is number 2 in the screen, it says some default stuff about connection possible being interceptied etc.

xx506×817 148 KB

Click on the triangle with the ! (in the address bar) and show us the certificate.

there you go,
I can translate it into english if you wish, via some image translator.

z1460×815 125 KB

I am attaching it in separate reply as I am restricted to only 1 attachement as a new user

z2458×817 140 KB

That certificate looks fine at first sight.

What the hell. For some reason your phone does not like it.

Ok, you are serving the short chain. Android versions before 7.1.1 do not like that.

This is not only my phone, many people reported that it is not working for them both on PCs and mobile phones.

Is there some way to fix it?

On Android you can solve it by using the long chain. (Which is the default if you use Certbot)

On computers, you have to make your clients install the ISRG Root X1 root certificate. Or use a recent version of Firefox. Or switch certificate authority for one that has better support for old clients.

Seems a little bit too complicated for me, I am using let's encrypt as it is built in via my hosting company in their direct admin panel. I have no clue whether they have all of the certbot updates on the cloud servers they provide. I will forward this reply to them, maybe they can check if they are up to date with everything.

However this is all very strange as none of this issues appeared before 4 days ago, nobody reported anything.

That mainly depends on your clients. The only one your hosting can solve is the android compatibility one.

The rest, they're just too old.

The problem is the person who reported the mobile phone issue is using the latest android available

Then there is more than one issue. Right now it should only work on Android >= 7.1.1.

But, if you really are on a blocklist, that will give SSL errors to whoever gets filtered.

thank you sir, I really appreciate it. I already contacted both mcafee and avast, I will update you on the issue as soon as any of them replies to me.

Have a nice weekend

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.