Expiry of DST Root - android devices

hi,

So it looks like I am affected by this issue.
"Some" browsers this morning started saying the certificate was expired, when it wasn't.
I renewed the certificate anyway just to be sure.

I think I am being affected because we have some Android devices that run Android 5.x (Samsung have no updates for them). We use those devices for 1 specific Android app and for occasional web access to our own employee website.

If I use Firefox it seems to be OK, as I assume Firefox has built-in support for this, whereas the Samsung browser says the site is not safe.

Strangely I also had Safari on iOS 15 say the same this morning, but after renewing the certificate it is now fine. Chrome desktop has had no issues at all before or after the certificate renewal.

So am I basically out of luck due to the Android version on some of the devices we have?

I'm running IIS and the CTW client is up to date.

Hi,

So until today we thought old Android was going to be supportable, however further testing after the R3 expiry has revealed that when the DST Root CA X3 expires Windows won't trust it and won't use it in IIS certificate chains without moving ISRG Root X1 (self signed) into the Untrusted store, which isn't ideal and may cause other issues.

Your only option for compatibility is to change certificate authority. Certify The Web supports several, I would suggest ZeroSSL: Certificate Authorities | Certify The Web Docs
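A way to see which chain Windows actually builds for a site after the expiry, as an added example (not Certify The Web's own code). It completes the TLS handshake regardless of trust, then rebuilds the chain with X509Chain and flags expired elements and any path through DST Root CA X3; the host name is an assumed placeholder.

```powershell
# Added example, not Certify The Web's own code. Connects to a site, lets the TLS
# handshake complete even if Windows rejects the chain, then rebuilds the chain the
# way Windows does and reports each element's expiry plus the chain status flags.
# $TargetHost is an assumed placeholder; point it at your own IIS site.
param([string]$TargetHost = 'www.example.com', [int]$Port = 443)

$tcp = New-Object System.Net.Sockets.TcpClient($TargetHost, $Port)
try {
    # Accept any certificate during the handshake; trust is inspected separately below.
    $ssl = New-Object System.Net.Security.SslStream(
        $tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
    $ssl.AuthenticateAsClient($TargetHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# X509Chain.Build uses the intermediates the server sent (Windows caches them) plus the
# local stores, so this reproduces the chain Windows clients such as IIS callers will see.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # expiry and trust are the question here, not revocation
$trusted = $chain.Build($leaf)
$now = Get-Date

foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    $expired = $c.NotAfter -lt $now
    $flag = if ($expired) { 'EXPIRED' } else { 'ok' }
    '{0,-8} {1}  expires {2:yyyy-MM-dd}' -f $flag, $c.Subject, $c.NotAfter
    # Old Android 5 clients ignore the expiry of a trust anchor and keep accepting this
    # path; Windows stops chaining through it once DST Root CA X3 is past its NotAfter.
    if ($c.Subject -like '*DST Root CA X3*' -or $c.Issuer -like '*DST Root CA X3*') {
        '  ^ chain runs through DST Root CA X3 (the root expired on 2021-09-30)'
    }
}

$statusText = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
if ($trusted) { 'Windows chain status: trusted' }
else          { "Windows chain status: NOT trusted ($statusText)" }
```

A result of NOT trusted with NotTimeValid or UntrustedRoot in the status list, alongside a DST Root CA X3 element, is the Windows-side symptom the post above describes.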

We've found that using Firefox on those older Android devices works, but I doubt we'll be able to rely on that forever.

I'll look into ZeroSSL.

Yes, Firefox is the exception; I'm not sure about OS-level HTTPS calls (from apps etc.).

Looking at the free ZeroSSL package, does that give the same level as LE does?

This is what ZeroSSL provides on the free package:

3 90-Day Certificates
NO 1-Year Certificates
NO Multi-Domain Certs
NO 90-Day Wildcards
NO 1-Year Wildcards
NO REST API Access

Yes, it’s roughly the same. You should do a test with a few certificates to ensure compatibility with your expected clients but once you have the account added to the app it’s fairly easy to switch between them. You can set a global preference under Settings or per certificate (Advanced > Certificate Authority). ZeroSSL is a little more complex because you need to set the EAB credentials on first adding the account to Certify The Web.

Just tried to issue a certificate using ZeroSSL (on a test domain we have).
I added the EAB credentials as required, added the domain, requested a certificate and got the following error:

2021-10-04 14:38:02.662 +01:00 [INF] All Tests Completed OK
2021-10-04 14:38:11.162 +01:00 [INF] [Preview Mode] An error occurred installing the certificate. Certificate file may not be valid: 
2021-10-04 14:38:18.140 +01:00 [INF] ---- Beginning Request [ctspalmtop.uk] ----
2021-10-04 14:38:18.141 +01:00 [INF] Certify/5.5.5.0 (Windows; Microsoft Windows NT 6.1.7601 Service Pack 1) 
2021-10-04 14:38:18.145 +01:00 [INF] Beginning Certificate Request Process: ctspalmtop.uk using ACME Provider:Certes
2021-10-04 14:38:18.145 +01:00 [INF] Requested identifiers to include on certificate: ctspalmtop.uk;www.ctspalmtop.uk
2021-10-04 14:38:18.147 +01:00 [INF] Beginning certificate order for requested domains
2021-10-04 14:38:18.147 +01:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2 
2021-10-04 14:38:18.920 +01:00 [INF] Created ACME Order: https://acme.zerossl.com/v2/DV90/order/-KL-QkbXltsRJOdfjJoxeA
2021-10-04 14:38:19.435 +01:00 [INF] Fetching Authorizations.
2021-10-04 14:38:21.653 +01:00 [INF] Got http-01 challenge https://acme.zerossl.com/v2/DV90/chall/OVCteR9e6YOiWKQxiP4xCQ
2021-10-04 14:38:22.105 +01:00 [INF] Got dns-01 challenge https://acme.zerossl.com/v2/DV90/chall/usj5uavyKRdM60HMqJRkkA
2021-10-04 14:38:23.090 +01:00 [INF] Got http-01 challenge https://acme.zerossl.com/v2/DV90/chall/POkQcE1RjZFx4IsDv5fJOA
2021-10-04 14:38:23.592 +01:00 [INF] Got dns-01 challenge https://acme.zerossl.com/v2/DV90/chall/4v7u1IcJsdjyWzil-3dqXQ
2021-10-04 14:38:24.657 +01:00 [INF] Http Challenge Server process available.
2021-10-04 14:38:24.657 +01:00 [INF] Attempting Domain Validation: ctspalmtop.uk
2021-10-04 14:38:24.657 +01:00 [INF] Registering and Validating ctspalmtop.uk 
2021-10-04 14:38:24.658 +01:00 [INF] Performing automated challenge responses (ctspalmtop.uk)
2021-10-04 14:38:24.661 +01:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://ctspalmtop.uk/.well-known/acme-challenge/fEz55nlgmBlXug78vDJSxP1pAAOlQn_fnSLph1yyhk8 with content fEz55nlgmBlXug78vDJSxP1pAAOlQn_fnSLph1yyhk8.Ha_tJ9lEJKefAQOx8ZrgMKQ1yIszwEWfK2tixjjKRGU
2021-10-04 14:38:24.661 +01:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2021-10-04 14:38:24.698 +01:00 [INF] Using website path C:\inetpub\ctspalmtop
2021-10-04 14:38:24.699 +01:00 [INF] Checking URL is accessible: http://ctspalmtop.uk/.well-known/acme-challenge/fEz55nlgmBlXug78vDJSxP1pAAOlQn_fnSLph1yyhk8 [proxyAPI: True, timeout: 5000ms]
2021-10-04 14:38:25.799 +01:00 [INF] URL is accessible. Check passed.
2021-10-04 14:38:25.800 +01:00 [INF] Requesting Validation: ctspalmtop.uk
2021-10-04 14:38:25.811 +01:00 [INF] Http Challenge Server process available.
2021-10-04 14:38:25.811 +01:00 [INF] Attempting Domain Validation: www.ctspalmtop.uk
2021-10-04 14:38:25.811 +01:00 [INF] Registering and Validating www.ctspalmtop.uk 
2021-10-04 14:38:25.811 +01:00 [INF] Performing automated challenge responses (www.ctspalmtop.uk)
2021-10-04 14:38:25.811 +01:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://www.ctspalmtop.uk/.well-known/acme-challenge/as9nyIS8k5pJh2Fr66fFOiHQ7y1ANn_8EnEkzdBEHQM with content as9nyIS8k5pJh2Fr66fFOiHQ7y1ANn_8EnEkzdBEHQM.Ha_tJ9lEJKefAQOx8ZrgMKQ1yIszwEWfK2tixjjKRGU
2021-10-04 14:38:25.811 +01:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2021-10-04 14:38:25.829 +01:00 [INF] Using website path C:\inetpub\ctspalmtop
2021-10-04 14:38:25.830 +01:00 [INF] Checking URL is accessible: http://www.ctspalmtop.uk/.well-known/acme-challenge/as9nyIS8k5pJh2Fr66fFOiHQ7y1ANn_8EnEkzdBEHQM [proxyAPI: True, timeout: 5000ms]
2021-10-04 14:38:26.769 +01:00 [INF] URL is accessible. Check passed.
2021-10-04 14:38:26.770 +01:00 [INF] Requesting Validation: www.ctspalmtop.uk
2021-10-04 14:38:26.784 +01:00 [INF] Attempting Challenge Response Validation for Domain: ctspalmtop.uk
2021-10-04 14:38:26.785 +01:00 [INF] Registering and Validating ctspalmtop.uk 
2021-10-04 14:38:26.785 +01:00 [INF] Checking automated challenge response for Domain: ctspalmtop.uk
2021-10-04 14:38:29.542 +01:00 [INF] Domain validation completed: ctspalmtop.uk
2021-10-04 14:38:29.543 +01:00 [INF] Attempting Challenge Response Validation for Domain: www.ctspalmtop.uk
2021-10-04 14:38:29.543 +01:00 [INF] Registering and Validating www.ctspalmtop.uk 
2021-10-04 14:38:29.543 +01:00 [INF] Checking automated challenge response for Domain: www.ctspalmtop.uk
2021-10-04 14:38:31.440 +01:00 [INF] Domain validation completed: www.ctspalmtop.uk
2021-10-04 14:38:31.441 +01:00 [INF] Requesting Certificate via Certificate Authority
2021-10-04 14:38:46.759 +01:00 [ERR] Certificate request process failed: Certes.AcmeException: Failed to finalise certificate order. Final order status was Processing
   at Certify.Providers.ACME.Certes.CertesACMEProvider.<CompleteCertificateRequest>d__35.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<CompleteCertificateRequestProcessing>d__17.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 953
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequestProcessing>d__16.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 758
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequest>d__14.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 461
Certes.AcmeException: Failed to finalise certificate order. Final order status was Processing
   at Certify.Providers.ACME.Certes.CertesACMEProvider.<CompleteCertificateRequest>d__35.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<CompleteCertificateRequestProcessing>d__17.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 953
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequestProcessing>d__16.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 758
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequest>d__14.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 461
2021-10-04 14:38:46.760 +01:00 [INF] ctspalmtop.uk: Request failed - Failed to finalise certificate order. Final order status was Processing Certes.AcmeException: Failed to finalise certificate order. Final order status was Processing
   at Certify.Providers.ACME.Certes.CertesACMEProvider.<CompleteCertificateRequest>d__35.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<CompleteCertificateRequestProcessing>d__17.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 953
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequestProcessing>d__16.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 758
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequest>d__14.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 461
2021-10-04 14:38:48.072 +01:00 [INF] ctspalmtop.uk: Request failed - Failed to finalise certificate order. Final order status was Processing Certes.AcmeException: Failed to finalise certificate order. Final order status was Processing
   at Certify.Providers.ACME.Certes.CertesACMEProvider.<CompleteCertificateRequest>d__35.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 0
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<CompleteCertificateRequestProcessing>d__17.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 953
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequestProcessing>d__16.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 758
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.CertifyManager.<PerformCertificateRequest>d__14.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:line 461

Not sure what caused the issue,
but after me doing nothing since I posted that error, the certificate seems to have applied itself and is now working.

Older Android devices also have no issue with the certificate when using ZeroSSL.

ZeroSSL is slightly less mature as a service than Let's Encrypt; they sometimes do have odd behaviour for challenges, such as slow order processing, but it does generally recover.