Let's Encrypt certificate not trusted on Firefox

10,288

Solution 1

The answer above helped me a lot in finding a solution.

I installed the certificate using Certify: https://certify.webprofusion.com/ and it worked.

Regarding the outdated protocols ... Download IIS Crypto: https://www.nartac.com/Products/IISCrypto

Click on Best Practices (it will automatically select the recommended protocols and ciphers) and Apply. Then restart your server and everything is fixed .

enter image description here

Solution 2

Upon cursory examination, it would appear that you have a valid SSL certificate installed and configured. However, more thorough analysis courtesy of the Qualsys SSL Labs tool exposes a few issues: https://www.ssllabs.com/ssltest/analyze.html?d=beta.gplay.ro&latest

First, directly relating to the certificate, your server does not supply a certificate chain to the client, only the domain certificate. This requires them to go and download the Lets Encrypt Authority X3 certificate themselves in order to reconstruct the chain back to the DST Root CA X3. Any client that doesn't have that intermediate cert in their trust store and fails to successfully download a copy would fail the validation.

Second, your server has support for SSLv3 enabled, which is deprecated and regarded as a security risk, because it exposes the server to a plethora of vulnerabilities such as POODLE. You also have support for several very weak ciphers enabled, which doesn't help.

I would recommend configuring IIS to serve the full certificate chain instead of just the domain certificate, as well as disable support for SSLv3, if possible. If Firefox still doesn't like your certificate after that, more in-depth troubleshooting may be necessary.

Share:
10,288
F Andrei
Author by

F Andrei

Updated on June 04, 2022

Comments