Fear not. Your website is working just fine and properly serving your certificate and the associated chain files correctly. The problem only exists with your Windows 7 PC because it is most likely missing a copy of the Let's Encrypt root certificate called
ISRG Root X1. For some reason, a lot of old Win 7 PCs are not automatically downloading the certificate like they should be.
If you want to verify whether you have the cert or not, there are two relatively quick methods.
- Open PowerShell and run the following command:
If you get an error that mentions "Cannot find path blah...", the cert is missing. Otherwise, it will show some output with a
- Open cmd.exe and run the following command:
reg query HKLM\Software\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
If you get an error about "unable to find the specified registry key...", the cert is missing. Otherwise, it will show a whole bunch of random text output that starts with
To fix the problem, you'll need to download a copy of the certificate and install it on your Windows 7 PC. There are two places to download it, both hosted by Let's Encrypt. This one uses HTTPS and you might have to click through a cert warning to get it. This one uses HTTP in case the first one doesn't work.
Once you have the file downloaded, find it in Explorer, right click, and choose
Install Certificate. There may be a security warning you have to click through because the file came from the Internet. All of the defaults in the Certificate Import Wizard are fine. Just click
Finish. If the import was successful, reboot your PC and try going to your site again and you should be working.