Windows 7 Chrome - NET::ERR_CERT_DATE_INVALID

We are also facing the same problem

Hi @proemtech welcome to the LE community forum :slight_smile:

Please edit your post and state your problem as well - not just "me too"
If you thread becomes too large it might need to be moved to a separate topic.
One that would begin with:

[not very helpful for anyone searching for help - once we are concluded here]

Our users are getting error NET::ERR_CERT_DATE_INVALID while accessing our portal with a valid letsencrypt certificate in Chrome, Chromiun and IE. But its working with Firefox as reported by other users.

1 Like

@proemtech
Which O/S are those systems using?

I'm sorry but I don't take anything for granted.
And, again, if this thread should get moved from this topic, it must stand on its' own two feet.
[yes, I can read the topic, read my posts]

1 Like

Windows7

1 Like

@proemtech
There are many reasons Win7 can be failing.
But it is likely due to an outdated trust root store.
You may need to manually add the "ISRG Root X1" cert for them to trust the new (short pathed) LE certs.

2 Likes

Just posted a similar, I cannot access sites using lets encrypt on my windows 7 PC using chrome. Firefox is fine, not sure how many people are still using windows 7 but for them lets encrypt has broken the internet.

1 Like

As suggested downloaded "ISRG Root X1" from https://letsencrypt.org/certs/isrgrootx1.der
and executed using below command
certutil -addstore Root isrgrootx1.der

Now its working with Windows 7 and Chrome

Thank you

4 Likes

Possibly. That's why I posted the order I did things in, in case visiting the sites in IE first is what "fixed" things. But I find it quite likely that the systems with problems are configured differently in some way than the VM image I downloaded.

2 Likes

that's obviously not a solution. You can't possibly ask a random visitor to manually install BLABLA because they are not technical experts. Also, even if you wanted to tell them what to do (not an option) you can't contact them, the website doesn't load in the first place due to the failure.

2 Likes

@lggr, this forum has an interesting mix of end-users wanting to fix their own computers and web site administrators wanting to improve/maintain compatibility of their web sites. This solution has already helped a number of end-users who were actively trying to diagnose and fix their own problems accessing web sites.

I hope we'll find better solutions that work for all web sites, but it's also possible that Let's Encrypt certificates simply won't be able to support certain clients in the future, especially client platforms that are no longer supported by their vendors. The web PKI model does depend on having software vendors maintain root certificate stores over time, which also means eventually pushing out new roots to replace old ones as the old roots go out of use.

Unfortunately, that problem isn't specific to Let's Encrypt in any way. All root certificates expire and are eventually withdrawn from use at some point. As @jsha pointed out in another thread, there seems to be an industry-wide mismatch or failure on this point; unfortunately, Let's Encrypt users are those happening to experience this at this moment, but users of other CAs will also experience it (or have already experienced it) at other times.

It's also a concern that so many people continue to use software that no longer receives security updates. I think @jsha's post suggested laying blame more with software (and sometimes hardware) vendors than with end users, but however we want to explain the problem, it's a really concerning issue; it's one of the ways that bot herders have been able to incorporate so many devices into their botnets. The increased use of cryptography makes this problem more directly visible because security updates for cryptographic systems are often not backwards-compatible.

7 Likes

I m not an expert, but it works for me (win7 - Chrome - Brave) :

I think i install these 3 files in what you call trusted store
In fact, the exact path in my french version is :
"Placer tous les certificats dans le magasin suivant / Autorités de certification racine de confiance"

1 Like

Installing intermediate certificates (R3) into a trust store is not recommended. Installing the roots is fine.

3 Likes

All my sites can’t show in windows 7 on chrome
This is big problems
And all sites in world also if use let’s Encrypt ssl.
Pls
See photo

I’m hope them solve this ASAP
If don’t I’m need change ssl certification company for a lot of sites

@liko
Have you tried any of the solutions provided for Win7?

Yes I’m tried all
And if can write explain step by step for upload files isrgootx x2 and etc . but I’m sure is don’t help to many use windows 7 with chrome .

All sites in worlds don’t work ssl lets encryption ssl
In chrome on windows 7 . I’m hope them solve this ASAP

All the LE roots can be found at:
Chain of Trust - Let's Encrypt (letsencrypt.org)

Once installed into your trusted roots folder, you may also need to reboot.

This article very hard to understand
Do you know how install this in plesk? Update some
For all user on windows 7 can show ssl in chrome ?
And fix

Thanks

You have Plesk on Windows 7?

1 Like

One of my clients had issues with older windows 7 machines not accepting the certificate.

I switched to the X1-only chain with --preferred-chain "ISRG Root X1" and have not heard back from them. So that might be worth giving a try if ppl cannot reach your website from win7.