Windows 7 Chrome - NET::ERR_CERT_DATE_INVALID

The only "bug" is that Windows 7 is too old to get security updates. Let's Encrypt may be the most well-known issuer of certificates, but it's really nothing specific to them. As roots expire, old systems that aren't getting security (including trust store) updates will have less and less access to the Internet. The only possible "fix" is to update to a supported platform. If Firefox still runs on Windows 7, you could try that since it uses its own trust store. Or, you can try using another CA, but that will just defer the problem until whichever root that CA has in the old trust store also expires.

In terms of specific steps to install the root (though this is from memory so I might be missing a step):

  1. Download https://letsencrypt.org/certs/isrgrootx1.pem (which may involve clicking through warnings, I guess, as you don't currently trust the root)
  2. Rename the file from isrgrootx1.pem to isrgrootx1.crt.
  3. Double-click the file.
  4. It should ask you to confirm that you want to add the certificate to the root store. You probably should check the thumbprint against some known-good source first here, too, but I'm not sure what a good source for that would be that you could reliably trust from such an old system.

I'm guessing somebody could put together a Powershell or batch file to simplify that somewhat. But again, you're just masking the problem of not getting security updates, and shouldn't actually consider any such system secure for anything.

5 Likes