I have install wildcard ssl via plesk its has auto installation to letsencrypt. After installation having ssl warning page in some computer and mobile but I have check ssl with ssl checker like https://www.sslshopper.com/ssl-checker.html#hostname=https://www.deyspharma.com/
there is no error showing here. Please help to find where is the problem
My domain is:https://www.deyspharma.com/
Thanks in advance
Hi @san2roy, welcome to the LE community forum
Please show an example of the warnings.
This may be unrelated, but it is a BAD redirection (that will never be secured by this wildcard cert):
curl -Iki https://126.96.36.199/
cache-control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
expires: Fri, 28 May 1999 00:00:00 GMT
last-modified: Wed, 01 Sep 2021 05:46:25 GMT
error is NET::ERR_CERT_AUTHORITY_INVALID and "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store." when i am check certificate details.
You are not showing enough to be certain.
It looks like your test client might be unable to match the R3 intermediate cert to a trusted root.
If so, it is highly likely that your test client is rather outdated and may need to update its' root store.
If that is the case, and you are unable to update the test clients, then you may need to switch to another FREE CA - one that uses a much older trusted root [and might be found in your test client root store].
You have configured your ACME client to request the ISRG Root X1 certificate chain by default. This chain is not compatible with old clients like Android V7.0 and lower, or Windows XP.
To gain compatibility with these older clients you need to revert to using the default chain (
Your Certificate >
ISRG Root X1 >
DST Root CA X3).
DST Root CA X3 root will be expiring at the end of September, for most clients that's OK, but for some (like some versions of OpenSSL etc) it won't be. As @rg305 mentioned your other alternative is to switch to a different CA which does have a trusted root that all your clients have (you would have to test).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.