"Connection not secure, Certificate signed by untrusted issuer" being displayed to certain users

geckogenweb-gmailcom · November 25, 2024, 3:18am

Current versus Expected Behavior:

Currently, some users are experiencing a “Your connection to this site is not secure” error when accessing my website, particularly users in California and on a school network. The SSL certificate is showing as signed by an untrusted issuer. The expected behavior is for all users to access the site securely without SSL warnings.

Code, Configuration, and Steps that Reproduce this Issue:

Users access the website at https://gecko-gen.com.
The browser displays a warning: “Your connection is not private.”
Certificate details show:

Issued by: R11
Organization: Let’s Encrypt
The certificate is signed by an untrusted issuer.

Project Information:

URL: https://gecko-gen.com
Framework: [Specify your framework if applicable, e.g., Next.js]
Environment: [Specify environment, e.g., Production]
Project Settings:
- DNS Records: CAA records limited to Let’s Encrypt and DigiCert.
- Nameservers: ns1.vercel-dns.com, ns2.vercel-dns.com
- SSL Certificates: Auto-renewal enabled, expiring on Feb 02, 2025.
Git Repo: GitHub - santidevhmo/geckogen-web-app-2024 at SantiWebChanges

This is a screenshot of the browser is displaying the user with the error:

And this is a screenshot to what is displayed on my browser that doesn’t have this error:

swarnava · November 25, 2024, 12:03pm

Hi,

Can you confirm if they are accessing your website from a compatible device?

geckogenweb-gmailcom · November 27, 2024, 3:53pm

Hii,

The user is using Google Chrome Version 103.0.506 in a 2008 iMac with OS X El Capitan.
I see that the certificate is not compatible with these user specifications.

I’m assuming that to fix this I would have to upgrade the plan and add my own certificate?
Also for the school network problem blocking the site, is this a common problem for Vercel deployments?

swarnava · November 27, 2024, 4:59pm

Even if you add your own custom certificate, it’s highly unlikely that you will find a SSL certificate that still supports such an old operating system. I’m assuming the problem here isn’t just with Chrome, but rather with the operating system which has extremely outdated certificates in its trust. It is crucial to ensure that the trusted store has the most recent certificates installed to support modern websites. Some SSL CA providers may still issue these certificates. Please note that custom SSL certificates can only be installed on the Enterprise plan.

This is not a common problem for Vercel deployment, but rather for any untrusted website. Corporate firewalls and school or campus networks often restrict traffic only to specific websites to ensure that employees or students don’t visit unsafe websites that are not required to perform their work.

geckogenweb-gmailcom · November 27, 2024, 8:09pm

Thank you so much for the help!

system · December 4, 2024, 8:09pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Your connection is not private - SSL Issue? Help	10	46	September 2, 2024
Getting "Your connection is not private" Help domains	2	14	January 6, 2025
Autogenerated SSL certificates not working correctly Help	4	22	October 13, 2024
SSL Certificate Issue Help domains	4	53	October 4, 2024
Vercel + Clerk auth Help domains	5	31	November 18, 2024

"Connection not secure, Certificate signed by untrusted issuer" being displayed to certain users

Related topics