LetsEncrypt R3 SSL Certificate Issues *Solved*

ModernK9
New Member
1 0 1

I just wanted to post this in case anyone else encounters the same issues....

Since the Shopify outage/issues on September 30, we have been receiving complaints from some customers that they have been unable to access our store on various browsers and devices. These customers are encountering certificate errors when trying to access our site:

 

via Chrome on Android Devicevia Chrome on Android DeviceVia Safari on iPhoneVia Safari on iPhone


I ran an SSL check through a third-party website and received an error related to an expired R3 certificate issued by LetsEncrypt (which is a service used by Shopify):

Screen Shot 2021-10-02 at 12.06.28 PM.png

 

We reached out to Shopify Support who were unable to assist. They advised that the problem was with GoDaddy (where our domain is hosted).

Still having the same issue today. We contacted Shopify Support again, and they advised us that the problem was with our internet connection, devices, or browsers - and not with Shopify.

The Shopify Agent then "provisioned the SSL certificates"..... which fixed the problem completely:

 

Screen Shot 2021-10-02 at 11.59.24 AM.png

 

 

So, if you encounter this issue with your site, ask Shopify Support to "provision your SSL certificates", and that should fix the problem. 

..... Clearing the broswer cache, changings browsers/devices, etc. does nothing. The issue is on Shopify's end (even if they argue that it isn't)

Replies 7 (7)
MariaSabors
New Member
2 0 0

I' am trying to contact them and don't answer me. I am a little desperate. Thanks now I know whats the problem and that they can fix it.

I expect they contact me soon.

clrk
New Member
3 0 0

The Shopify Tech Team keeps insisting this is a local issue and will not help you.

They simply send you to these guidelines that in essence blame the user or local (browser/cache/os) error:

https://community.shopify.com/c/shopify-discussions/october-2021-ssl-certificate-why-am-i-seeing-the...

 

This is in fact a completely false and incorrect statement/workaround.

Many of your customers will not be able to access your store no matter what the Shopify tech team claims they should be doing.

 

Here's what you can try to do (it fixed it for me):

1. change the default primary domain to something else

2. remove both www. and non-www domain versions (and any others that you had)

3. remove Shopify's DNS A records from Registrar (Namecheap/GoDaddy/etc)

4. refresh and wait 15min (may need to wait for up to 1h for some registrars)

5. re-add Shopify's DNS records again

6. re-attach the domain back again to the Shopify and set it up as a primary domain

This should force the Shopify-Let's Encrypt connection and a new - working - certificate will be issued. 

 

Check SSL Labs to see if that helped you.

Farouk-dev
Shopify Partner
19 1 4

Hi @ModernK9 ,

I have a solution for you...
This should work for you, however regular people browsing/shopping won't know how to sort this out.
Its going to be a mess, imagine store owners running paid traffic only to land on this error.

To be frank, @Shopify isn't to be blamed here, they are victims as much as the rest of us.

So, the main reason you are seeing this is:

  1. You are running a really old iMac/PC/phone. Personally using OS X El Capitan.
    Apple isn't helping update from old DST Root CA X3 Certificate to the new ISGR Root X1.
  2. Your certificates on local machines haven't been updated. You need to update them manually...

Here is the quick solution, read further below to dive deeper into the the problem...

1. Download new ISGR Root X1 Certificate from:
https://letsencrypt.org/certs/isrgroo
2. Double click downloaded file to install the certificate.
3. Search for 'X1' certificate and double click it
4. CLick on 'Trust' dropdown link
5. Find "When using this certificate": Select "Always Trust"

Bit of details...

If you are running into this error:
NET::ERR_CERT_DATE_INVALID

Problem: On Sept 30th 2021 lets encrypt phased out the old DST Root CA X3 (and it's R3 intermediate) and replaced it with the new ISRG Root X1 Certificate.

This left tens and millions of websites stack with old certificate(including lots of shopify domain names running on Let's Encrypt SSL's). Older imacs and PC's couldn't update to new certificate hence running into the error above.

It really is annoying but certainly no one's fault, hope we find a solution for regular online shoppers before the holiday season otherwise, traffic will be wasted

kaylakarr
New Member
1 0 1

Thanks @Farouk-dev, this is the only thing that worked for me!

Farouk-dev
Shopify Partner
19 1 4

@kaylakarr Glad I could help!

hellootto
New Member
1 0 1

Big thanks, this solution worked perfectly. The iMac we had an issue with is runnings it's highest OS available to it,  El Capitan 10.11.6 and we had to drag and drop the certificate you have provided into the keychain folder, double clicking it wasn't working but it was resolved! 

Such a shame that our store users who are on outdated tech will continue to experience this problem.

Farouk-dev
Shopify Partner
19 1 4

@hellootto  Glad you managed to make it work!

For your store users, you could perhaps send out a reminder to your Newsletter subscribers...
Suggesting they use Firefox or any other browser other than Google chrome.

Long shot but great way to save your clients from the confusion.