Learn how to install ISRG Root certificate to remove the invalid certificate errors caused by caused by expired IdentTrust DST Root after 30th September, 2021
What happened ?
We are using Let's Encrypt to provide TSL certificate (https) to us across our web services. The root certificate used by Let's Encrypt i.e. IdentTrust DST Root CA X3 has been expired on 30th September 2021. Let's Encrypt has switched to using "ISRG Root X1" as the new root certificate. You can read the official announcement here.
These root certificate are part of operating systems and are generally updated during the OS update process. You might be facing this issue if your device doesn't have up-to-date information regarding certificates. If that is the case, you might face the similar issue on other websites as well. The issue looks similar to following:
Please follow this guideline on how to fix the above problem.
Restart your System
Before we proceed any further, you MUST restart your devices. Restarting will allow some system updates to be installed automatically. In some cases, this will be sufficient to solve the above problem.
After restart, please open your Sembark dashboard. If everything is working then there are no further actions required.
If the issue still exists, we will have to install the certificate manually. Continue reading to install it on your device.
We will start by downloading the latest certificate from the official website of Let's Encrypt. Visit https://letsencrypt.org/certificates/ from your browser.
You might be prompted with the same error here as well. Simply click on Show Advanced and click on Proceed to visit the website.
Scroll down till the Root Certificates section and download the
pem file from the ISRG Root X1 -> Self-signed url. We will use this file to install the certificate.
- Open command prompt application. To open it, click on "Windows" key on your keyboard and search for
cmd. Click on the "Command Prompt" application from the search results.
certmgrin the command prompt and press "Enter". This will open the "Certificates Manager" where you can view all your certificate.
- Under Trusted Root Certification Authorities -> Certificates, you can view the expired DST Root CA X3. Double clicking on it will show more details regarding its expiration.
- Now we will install the downloaded certificate. Right click on the
Certificatesfolder and click on
All Tasksand then click on
Importto start the process.
- That will open the Certificate Import Wizard. Click on
- That will open the file selection dialog. From the bottom-right corner of this dialog, change the drop-down option to All Files (.*)
- Now locate the downloaded pem file and click on it to select it. Once selected, click on
- Continue clicking on
Nexton subsequent screens.
- When prompted with security warning, click on "Yes" and that installation will be completed.
- If everything goes well, you will prompted with a success message.
Please visit your Sembark Dashboard and refresh the application. The error should be gone. You should also verify the lock icon in the search bar.
If you are still facing the issue, please reach out to our support team.