Certificate error accessing site due to expired cert in trust chain
-
Our staff are experincing issues accessing https://windy.com due to an expired certificate in the trust chain which is not playing well with Fortigate firewalls in certain configurations. This prevents staff from accessing the site at all with the following error
This is because the windy.com R3 certificate has a expired cert in its trust chain
- https://www.ssllabs.com/ssltest/analyze.html?d=www.windy.com&s=143.204.128.52
The Fortigate issue is documented here - https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates
and the expected certificate expiry is documented here - https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
The ultimate fix is for the windy.com certificate to be renewed without the expired cert in the trust chain. Can this please be arranged?
-
@brian-voller Hello, please see the related post.
We have stopped supporting certificates for older browsers, more information here. You will need to upgrade your browser.
-
This issue IS occurring in modern browsers
e.g.
Chrome 94.0.4606.71
Edge 94.0.992.38 -
@brian-voller Hello, did you clear your cache please?
-
-
@brian-voller Hello, as I mentioned, we stopped supporting old root certificates on older browsers - https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
We can recommend to use updated OS. Or if you still have issues, use the latest Mozilla browser 93.0., where you should not have any problems, since Mozilla downloads certificates on its own and does not rely on OS.
-
@korina Okay, is the latest version of Google Chrome Version 95.0.4638.54 (Official Build) (64-bit) an older browser and is there a possibility to access it through this browser?
-
@meteo2021 Hello, you may have a problem if you have an older operating system (Windows < XP SP3 or macOS < 10.12.1). Did you try the Mozilla browser 93.0.?