How to repair an Invalid or revoked Trusted Certificate -- Odd error w/ diagnostics

I have a Windows 10 Pro system, upgraded from 8.1 (or .2). It is a Dell desktop PC. The certificate store indicates that DST Root CA X3 has been revoked by its certification authority. I also have a Surface Pro 2017 with Windows 10 Pro. That machine indicates that certificate is fine, has not been revoked.

I discovered this problem troubleshooting an issue on my desktop. Chrome and the new Chromium Edge browsers will not allow access to sites using the Let's Encrypt certificate. Normal Edge has no problem. So for a long time I've simply used Edge. It works, and I never get an invalid cert problem. 

I've attached a screen shot that shows the cert path and browser page displays for one site (of many). 

Initially I thought it was a browser problem, but now I think it is a multi-factor problem. For one thing, my desktop is reporting a cert status that is different than another machine. For another, Edge doesn't appear to care or acknowledge the status of a revoked cert on the machine.

I need to fix the cert on my desktop. I tried exporting and copying from my Surface Pro, but that didn't solve the problem. Any suggestions? 

Many thanks!

|

Hello,

Thank you for writing to Microsoft Community Forums.

Is the PC connected to a Domain network?

I understand your concern, let us try few troubleshooting methods and check if that helps:

Method 1: Check Time & Date.

To do that,

1.    Tap on Windows + I on the keyboard and tap on Enter.

2.    Now click on Time & Language option.

3.    Now Click on Date & time under Time & Language.

4.    Select and set the correct time and restart your PC.

Method 2: Disable any third party Antivirus and Firewall.

To do that,

1.    Right click on the antivirus icon on bottom right corner of the taskbar.

2.    Click on the Disable option. Note: This option may be different for different antivirus program.

Method 3: Disable proxy.

To do that,

1.    Type inetcpl.cpl in the Windows search bar and tap on Enter.

2.    Click on the Connection tab and click on LAN Settings.

3.    Check mark Automatically Detect Settings and uncheck all the options.

4.    Restart your PC.

Note: Please re-enable the antivirus after performing the troubleshooting steps.

Method 4: If the issue still persists, security warning (not recommended).

To do that,

1.    Type inetcpl.cpl in the Windows search bar and tap on Enter.

2.    Click on the Advanced tab.

3.    Now, Uncheck Check for publisher’s certificate revocation and Check for server certificate revocation.

4.    Click on Apply and OK.

5.    Restart your PC and check if you are able to access the website on chrome.

Regards,


Sandeep Kumar M               
Microsoft Community – Moderator

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thanks for the reply.

  1. The date and time is being set automatically on the desktop, same with the other machine. (I've set, changed, checked/unchecked automatic configuration and rebooted several times in past.) 
  2. The only antivirus running is Windows 10 defaults, Defender (or whatever it's called these days).
  3. The Proxy connections setting was already configured for automatic detection. 
  4. The settings for checking server and publisher's certificate revocation were checked, as they are on the Surface machine, but I unchecked them and restarted the computer. No change. So I put those settings back. 

No resolution.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello, 

Thank you for replying with the required information.

Is this issue particular to dcplus.net website?

I appreciate your efforts for trying to fix this issue, usually, certificates are issued with a planned lifetime and explicit expiration date. A certificate may be issued for one minute, thirty years or even more. Once issued, a certificate becomes valid once its validity time has been reached, and it is considered valid until its expiration date. However, various circumstances may cause a certificate to become invalid prior to the expiration of the validity period. Such circumstances include change of name, change of association between subject and CA (for example, when an employee terminates employment with an organization), and compromise or suspected compromise of the corresponding private key. Under such circumstances, the CA needs to revoke the certificate. Refer the article on Troubleshooting Certificate Status and Revocation for more information.

However, let us try few more troubleshooting methods and check if that helps:

Method 1: Fix your connection is not private.

Refer the article on Fix connection errors and follow the steps mentioned under the section “Your connection is not private,” “NET::ERR_CERT_AUTHORITY_INVALID,”.

Method 2: If the issue persists try to go around the Certificate Revocation check.

To do that,

1.    Type Internet Options in the Windows search bar and tap on Enter.

2.    Click on the Advanced tab.

3.    Scroll and clear the check mark next to “Check for server certificate revocation” under the Security tab.

4.    Click on Apply and OK.

I also suggest you to contact Google Chrome support for more information on this issues. They will be able to help you further.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you, Sandeep.

1.) No, it is not just dcplus.net. The issue is with any website using the free Let's Encrypt Authority XS certificate that relies on the DST Root CA X3 cert.

2.) Those methods did not solve the problem. (the last one was repetitive from your first response).

3.) The problem is with Chromium Edge, not just Google's Chrome browser.

Thanks any way.

Regards,

Zack

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello Zack,

 

Thank you for the replying with the status of the issue.

I understand that you are facing issues with Google Chrome and Microsoft Edge, based on Chromium. As we have tried most of the troubleshooting steps to resolve this issue. We have a dedicated support for Microsoft Edge, based on Chromium. I suggest you to get in contact with the Microsoft Edge Insider support for more information and further support on this issue.

Regards,

Sandeep Kumar M               
Microsoft Community – Moderator

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you. The more I think about it, the more convinced I am that this is not a browser issue, it is a localized PC or client issue. The error is "server side" but the cert works on another PC, so that makes it a client issue, right? In fact, almost nobody has trouble with the Let's Encrypt cert. It's just one of my PCs.

I need to know where to go looking for ways to repair a corrupted local cert. Right? What am I missing? Other than asking Google about what's not a Chrome issue, what's my next step?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello,

Thank you for the reply.

As this issue is specific to Microsoft Edge, based on Chromium and Google Chrome browsers. The error code ‘This certificate was revoke by its certificate authority’ clearly shows that the certificate installed for the particular browser is having some issues. For issues with Microsoft Edge, based on ChromiumI suggest you to get in contact with theMicrosoft Edge Insider support and contact Google Chrome support for issues with Google Chrome browser for further support.

Regards,


Sandeep Kumar M               
Microsoft Community – Moderator

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated May 10, 2021 Views 8,831 Applies to: