Anyone else getting this warning from the CaB site?

[NoSleep]

Opera and Chrome are telling me:



Firefox seems fine with the site.

[Endicott]

Not me. Chrome is happy and tells me the certificate is valid until Nov.

[MojoJojo]

Yeah, I'm seeing valid until 13th November.

Timely reminder for who ever needs to sort that out?

[Zetetic]

It automatically renews using certbot IIRC. (Unless that breaks, in which case it doesn't.)

[NoSleep]

It isn't the usual certification warning, though. The warning doesn't mention certification.

[Zetetic]

Are you able to show the certificate that you're getting though, NoSleep?

Edit: It does refer to a certificate, insofar as ERR_CERT_DATE_INVALID refers to an invalid date in one of the certificates involved.

[NoSleep]

How? Usually that is offered via the warning (and this isn't the usual warning).

[Zetetic]

Click the lock or warning triangle next to the URL, I think. Somewhere in there.

[Zetetic]

No issues shown by Qualys's checker.

[NoSleep]

No issues shown by Qualys's checker.

The time it was last assessed on there was an hour ago and the problem has arisen within that time.

[Zetetic]

I assessed it on there in the last ten minutes

14:51:28 UTC is 15:51:28 BST.

[Cold Meat Platter]

Check the date/time on your device.

[NoSleep]

I assessed it on there in the last ten minutes

14:51:28 UTC is 15:51:28 BST.

Ah, OK.

[NoSleep]

Check the date/time on your device.

It's a desktop and it says 16:00 30 September

[Elderly Sumo Prophecy]

It's because I'm trying to steal your passwords, messages and credit cards. Now hold still.

[Zetetic]

It's something to do with the DST Root CA X3 certificate, and competing trust paths.

Your browser should ignore the SRG Root X1 certificate sent by the CaB server (which is signed by the expired DST X3 cert, found in most browser/OS cert stores) in favour of the one that it should have in its cert store, I think. Don't know why it isn't.

[Zetetic]

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

[Shoulders?-Stomach!]

Had this in the past, normally when using wifi abroad.

[JaDanketies]

There's actually been an SSL disaster today that has affected millions of websites, fyi. This is probably the cause of OP's issue. I don't know much of the details cos it's no longer my job to know, but if you go on Twitter and search SSL you'll probably see something.

Nothing that badmin can do about it afaik because it's a third-party fuck-up and they're more interested in getting a thousand shopify sites back online than simplemachines forums. 

[NoSleep]

https://scotthelme.co.uk/lets-encrypt-old-root-expiration/

Looks like this was inevitable today (depending on your browser). Everything will probably sort itself by tomorrow.

There's actually been an SSL disaster today that has affected millions of websites, fyi. This is probably the cause of OP's issue. I don't know much of the details cos it's no longer my job to know, but if you go on Twitter and search SSL you'll probably see something.

Nothing that badmin can do about it afaik because it's a third-party fuck-up and they're more interested in getting a thousand shopify sites back online than simplemachines forums. 

See Zetetic's link.

[Zetetic]

Can you check this NoSleep:
https://expired-r3-test.scotthelme.co.uk/

Just to confirm?

(Edit: Actually, that's not quite the same issue, I think, because CaB isn't directly providing any expired certs, but it should broadly test the same issue.)

[NoSleep]

It's giving me the same issue (on Opera & Chrome).

I guess Chrome and Opera haven't made a workaround yet (not on their OS X desktop versions, both of which are up to date here).

[Icehaven]

I'd just typed a long post in the entitlement thread and got an error message when I hit post. It's bloody outrageous and I want to see the manager.
_{Seriously though it was quite annoying.}

[Chedney Honks]

I always get a popup saying

'CAUTION NOBHEADS INSIDE'

[madhair60]

Yes I am also getting this error

[JesusAndYourBush]

I'm getting a "Your clock is ahead" error on Chrome, which with some investigation (this reddit thread and this one) is something to do with how Chrome handles certificates.  NoSleep I assume you're not still on a creaky old copy of XP like I am, so it's clearly a wider issue, but something to do with certificates.  On Chrome it's only doing it with a handful of sites (this is one of them), and those work fine with Firefox.

[canadagoose]

I'm getting a "Your clock is ahead" error on Chrome, which with some investigation (this reddit thread and this one) is something to do with how Chrome handles certificates.  NoSleep I assume you're not still on a creaky old copy of XP like I am, so it's clearly a wider issue, but something to do with certificates.  On Chrome it's only doing it with a handful of sites (this is one of them), and those work fine with Firefox.

XP?!

[JesusAndYourBush]

XP?!

Yeah, what of it??

[NoSleep]

I'm getting a "Your clock is ahead" error on Chrome, which with some investigation (this reddit thread and this one) is something to do with how Chrome handles certificates.  NoSleep I assume you're not still on a creaky old copy of XP like I am, so it's clearly a wider issue, but something to do with certificates.  On Chrome it's only doing it with a handful of sites (this is one of them), and those work fine with Firefox.

I'm on OS X 10.11 (El Capitan) but the versions of Chrome and Opera which are showing the warning are up to date. The two versions of Firefox I'm running are quite old: 78.14.0 ESR which showed no problem at all and 45.9.0 ESR which gave a warning but allowed me to bypass it.

I accidentally discovered that highlighting the error message shown: "NET::ERR_CERT_DATE_INVALID", revealed some text:

Code Select Expand

Subject: cookdandbombd.co.uk

Issuer: R3

Expires on: Nov 12, 2021

Current date: Oct 1, 2021

PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAz2pCd+JBLvdGKN3YP3PfBy0MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTA4MTQyMzMzNTBaFw0yMTExMTIyMzMzNDhaMB4xHDAaBgNVBAMT
E2Nvb2tkYW5kYm9tYmQuY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCySeQf3XsqnC2sRlJKXPfPJwJU3K8OYZfiXnsgeCrML1+QqwYi1rRiPhvU
IDB9kcxm45MhB1T/Fw9eW8atqGIGkHqzyGtzxPOmX3cHUtsSKAW3ghZlqQfNeTRy
Ik9pqQjK0j0/ueqgA8nzx3MOL7gmQsJo4oqWPMjSm/r4jDrZAN6Dvdk8oethT2US
nYCQLsZV/WEGbIzHv+dnbRvqHNrk7drrN0o1XYVLzVAkLVXZa8XFQHFlEoExRdKr
/M09EbubTNSedYWbX6OdqLO/26MGYV05XXhNSz92zxamcpmfNxhyMSq0PNqoyxnq
xoRJHYhrzv/odC3ubyyzQbON8kcTAgMBAAGjggKBMIICfTAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFOwgpCHAZAbAnFDXUi7bH9PIxqAfMB8GA1UdIwQYMBaAFBQusxe3
WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
ci5vcmcvMFAGA1UdEQRJMEeCE2Nvb2tkYW5kYm9tYmQuY28udWuCF25ldy5jb29r
ZGFuZGJvbWJkLmNvLnVrghd3d3cuY29va2RhbmRib21iZC5jby51azBMBgNVHSAE
RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2
AJQgvB6O1Y1siHMfgosiLA3R2k1ebE+UPWHbTi9YTaLCAAABe0c6pCoAAAQDAEcw
RQIgZx7LanibPlOaivcjWK3V2ENytJwgwg281NRhTsKD77wCIQDVAr3ViOllQHTS
YEH2vB+B1pHhWaXiuBlJsmPyiZx7wAB3APZclC/RdzAiFFQYCDCUVo7jTRMZM7/f
DC8gC8xO8WTjAAABe0c6pBYAAAQDAEgwRgIhAM7IztznET61BBHGyUyByKLaMb/u
xrgycDraq5s+b2lXAiEAkxoknrOaG7I39DKdpBwqd8FPPwrRXAQg8i2jxw4Bi8Aw
DQYJKoZIhvcNAQELBQADggEBAF2DKzvx7DZQ48zhNiuSgUX+9sYNypl2xfZE3ate
aEwaTzOn8xvBCMipaqoMPXIe8oe74ke5UqvbRBy5qq6ONdWADmSj1OPrqgjbJR6N
Xfvf2a7uHWY0snkbJH0Rj3mDCuSjRFxWIiPPI6MkdDbfOrs/7RHr1RzCPWfuNHxL
KT1KkbRSqW9SChgrvtvOX9I/Np232vTQNbmyogCk3K2QL+MBTx6kAs+JhA3QimSu
Xoak2QCaRpYObnRQvrDgg/IQI35WHxZgz5lHJNa6cxPjZLPCp7/+Jez7gIWi9G6l
7ZTyYJh0WE0DDtub2T0RFA0ZB284qU40x8wIqCy9t9KNX7Q=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----



Which shows that it isn't the obsolete certificate that was due to expire yesterday, but is the current certificate that runs until November 12 that is causing the problem.

[Bennett Brauer]

I've been getting this on Safari since late yesterday. (Might be unrelated. No problems via Firefox.)