Weird SSL Certificate Issue

Hi!

As the title says, I’m having a weird issue with the SSL certificate.

The certificate works fine, and my website loads securely, when I load my website (https://www.red-pine.ca) on all my browsers (Firefox, Chrome, Edge) on my WINDOWS computer. No issues there.

However, when I load my site on my Apple iMac computer in the browsers Safari and Chrome, I get a message saying “Your connection is not private” and states the certificate is not valid. Even weirder is that it works fine in Firefox on the mac.

This suggests to me there might be an issue with Safari and Chrome on the iMAC.

Does anyone have any clue why this might be happening? I’ve tried a bunch of things and nothing has worked. My SSL cert is from Let’s Encrypt.

TL;DR: My site loads securely on all browsers on my Windows PC. But the certificate is “not valid” when I load my site Safari and Chrome on my iMac.

What is going on? Any help or suggestions are welcome.

As SSL chains isn’t supported here, make sure you have updated root certificates on your iMac.

Thank you. I’m looking into this now. Hope it isn’t too difficult to do.

Apple does not seam to like LetsEncript. You can try what @FlutterHoney suggested, or you can try using GoGetSSL instead.

https://www.ssllabs.com/ssltest/analyze.html?d=www.red-pine.ca
Let’s Encrypt

I might try another SSL provider. Thank you.

Fine on Apple iPhone. Does your iMac have the latest updates that includes ISRG Root X1 to replace DST Root X3?

1 Like

Thank you very much for checking! Glad it works.
I do seem to have ISRG Root X1 but it hasn’t made any difference.
My iMac is old…2011…perhaps it’s just too old.

1 Like

Must be. Works fine on MacBook Air from 2019 with macOS Big Sur.

P.S. It works in Firefox on my iMac fine. It’s Safari and Chrome that’s my problem.

Because Firefox has their own root certificates store.

2 Likes

Ah, I see. That makes sense. I did check to see if I have the new root cert on my Mac and I do. So I’m not sure why it refuses to work still.

Firefox has its own Root Store composed my Mozilla, that’s why it works.
But Chrome and Safari use the local computer’s Root Store, and if it selects DST Root CA X3, it sees that it is expired and spoils the Chain of Trust.
If the computer does not have the latest updates, it will not know that ISRG Root CA X1 replaces DST Root CA X3, therefore it has no use for it.
Hope this provides some insight.

2 Likes

That helps a lot. Really appreciate your taking time to help. You too @FlutterHoney

3 Likes

@wackyblackie @FlutterHoney

I got everything to work on every browser on my old mac now. Oh the joy!

Thanks again for your help.

All the best.

4 Likes

You’re welcome! :blush:

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.