New Site Platform Bug Reports and Feedback Thread

[RCBinTN]

Thanks guys, but it did not work. First I cleared out the data and signed back in, still not secure. So, I killed everything and restarted the computer, logged back in but still not secure. Other thoughts? Oh, you're right I am using Chrome and it's the current version.

 

[RCBinTN]

ps. This may be on my end, as I can't get into Wikipedia either. Here's the message I get:

 

[joe]

@RCBinTN - What do you see when you open the certificate and click on the "ISRG Root X1" cert? (The top level)

EDIT: Here's what I see on Head-Fi and Wikipedia:

.

 

[RCBinTN]

Here are all three of them, Joe:

 

[joe]

Hmm. Yeah, talking with @HF_Ryan , he believes that the Root cert are installed in the browser.

Can you confirm which browser version you're using? Also: Mac or PC?

I'm on a Mac, and here's my Chrome version:

 

[RCBinTN]

I think my Chrome just updated itself, here are the details ... Head-Fi still shows Not Secure, I went back and cleared it again and restarted the computer. Aargh.

 

[MrWalkman]

It's the same in Windows, for me.

This is the Certification path:

@RCBinTN - What do you see when you open the certificate and click on the "ISRG Root X1" cert? (The top level)

EDIT: Here's what I see on Head-Fi and Wikipedia:

.

It seems that you don't see the "DST Root" certificate which shows that it expires on September 30th.

Firefox is similar to your browser, with both not showing the "DST Root" cert.

 

[RCBinTN]

Right - Mac OSX 10.11.6 El Capitan.

 

[MrWalkman]

I think I found some information about this.

Back in April 2019 I wrote Let's Encrypt to transition to ISRG root, where Let's Encrypt had planned to move away from the IdenTrust root to their own root, ISRG Root X1, that expires on 4th June 2035, giving us quite a number of years. The problem was, not many devices had received the necessary updates that include this new ISRG Root X1, issued 4 years prior in 2015! If a large selection of devices had not received an update to include this new root certificate, they simply won't trust it. This is basically the same problem we're experiencing now with the IdenTrust root expiring, because client devices haven't been updated, they also haven't received the new ISRG Root X1.

From here: https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

 

[RCBinTN]

My Cert R1 is different than the one you show, Joe. Mine expires in 2024, yours in 2035.

 

[MrWalkman]

I managed to download the ISRG Root X1 certificate from here (I got to the link from here). I then got to "Manage certificates" in Google Chrome, and imported it. Cleared data, restarted Chrome, and it's now using the new one.

I also deleted the old one (DST Root etc.), but I don't recommend everyone to do it.

 

[joe]

I was just reading the link @MrWalkman posted when he posted it.

I also came across this: https://eclecticlight.co/2021/09/21...about-to-have-a-security-certificate-problem/

Admittedly, I've never self-installed a certificate as MrWalkman has. @RCBinTN - it may be worth a shot. I don't have an El Capitan machine to test on, so I can't confirm or deny. Do so at your own risk.

 

[RCBinTN]

Any idea how to do that on a Mac?

 

[HF_Ryan]

Hello again @RCBinTN,

As @MrWalkman discovered, it appears that manual installation of the new root certificate issued by Let's Encrypt is necessary. The only alternative is to upgrade macOS to get the updated set of pre-installed trusted root certificates.

To install, download, then double click the certificate and follow the on screen instructions. Hopefully this solves the issue!

EDIT: When it asks you which keychain to use, make sure to choose X509!

 

[RCBinTN]

Can you give me a little more detail please, Ryan?