How to repair an Invalid or revoked Trusted Certificate -- Odd error w/ diagnostics

Hello,

Thank you for writing to Microsoft Community Forums.

Is the PC connected to a Domain network?

I understand your concern, let us try few troubleshooting methods and check if that helps:

Method 1: Check Time & Date.

To do that,

1.    Tap on Windows + I on the keyboard and tap on Enter.

2.    Now click on Time & Language option.

3.    Now Click on Date & time under Time & Language.

4.    Select and set the correct time and restart your PC.

Method 2: Disable any third party Antivirus and Firewall.

To do that,

1.    Right click on the antivirus icon on bottom right corner of the taskbar.

2.    Click on the Disable option. Note: This option may be different for different antivirus program.

Method 3: Disable proxy.

To do that,

1.    Type inetcpl.cpl in the Windows search bar and tap on Enter.

2.    Click on the Connection tab and click on LAN Settings.

3.    Check mark Automatically Detect Settings and uncheck all the options.

4.    Restart your PC.

Note: Please re-enable the antivirus after performing the troubleshooting steps.

Method 4: If the issue still persists, security warning (not recommended).

To do that,

1.    Type inetcpl.cpl in the Windows search bar and tap on Enter.

2.    Click on the Advanced tab.

3.    Now, Uncheck Check for publisher’s certificate revocation and Check for server certificate revocation.

4.    Click on Apply and OK.

5.    Restart your PC and check if you are able to access the website on chrome.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator

Thanks for the reply.

1. The date and time is being set automatically on the desktop, same with the other machine. (I've set, changed, checked/unchecked automatic configuration and rebooted several times in past.) 
2. The only antivirus running is Windows 10 defaults, Defender (or whatever it's called these days).
3. The Proxy connections setting was already configured for automatic detection. 
4. The settings for checking server and publisher's certificate revocation were checked, as they are on the Surface machine, but I unchecked them and restarted the computer. No change. So I put those settings back. 

No resolution.

Hello, 

Thank you for replying with the required information.

Is this issue particular to dcplus.net website?

I appreciate your efforts for trying to fix this issue, usually, certificates are issued with a planned lifetime and explicit expiration date. A certificate may be issued for one minute, thirty years or even more. Once issued, a certificate becomes valid once its validity time has been reached, and it is considered valid until its expiration date. However, various circumstances may cause a certificate to become invalid prior to the expiration of the validity period. Such circumstances include change of name, change of association between subject and CA (for example, when an employee terminates employment with an organization), and compromise or suspected compromise of the corresponding private key. Under such circumstances, the CA needs to revoke the certificate. Refer the article on Troubleshooting Certificate Status and Revocation for more information.

However, let us try few more troubleshooting methods and check if that helps:

Method 1: Fix your connection is not private.

Refer the article on Fix connection errors and follow the steps mentioned under the section “Your connection is not private,” “NET::ERR_CERT_AUTHORITY_INVALID,”.

Method 2: If the issue persists try to go around the Certificate Revocation check.

To do that,

1.    Type Internet Options in the Windows search bar and tap on Enter.

2.    Click on the Advanced tab.

3.    Scroll and clear the check mark next to “Check for server certificate revocation” under the Security tab.

4.    Click on Apply and OK.

I also suggest you to contact Google Chrome support for more information on this issues. They will be able to help you further.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator

Thank you, Sandeep.

1.) No, it is not just dcplus.net. The issue is with any website using the free Let's Encrypt Authority XS certificate that relies on the DST Root CA X3 cert.

2.) Those methods did not solve the problem. (the last one was repetitive from your first response).

3.) The problem is with Chromium Edge, not just Google's Chrome browser.

Thanks any way.

Regards,

Zack

Hello Zack,

Thank you for the replying with the status of the issue.

I understand that you are facing issues with Google Chrome and Microsoft Edge, based on Chromium. As we have tried most of the troubleshooting steps to resolve this issue. We have a dedicated support for Microsoft Edge, based on Chromium. I suggest you to get in contact with the Microsoft Edge Insider support for more information and further support on this issue.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator

Thank you. The more I think about it, the more convinced I am that this is not a browser issue, it is a localized PC or client issue. The error is "server side" but the cert works on another PC, so that makes it a client issue, right? In fact, almost nobody has trouble with the Let's Encrypt cert. It's just one of my PCs.

I need to know where to go looking for ways to repair a corrupted local cert. Right? What am I missing? Other than asking Google about what's not a Chrome issue, what's my next step?

Hello,

Thank you for the reply.

As this issue is specific to Microsoft Edge, based on Chromium and Google Chrome browsers. The error code ‘This certificate was revoke by its certificate authority’ clearly shows that the certificate installed for the particular browser is having some issues. For issues with Microsoft Edge, based on ChromiumI suggest you to get in contact with theMicrosoft Edge Insider support and contact Google Chrome support for issues with Google Chrome browser for further support.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator