add lets encrypt R3 as trusted root certificates

%3CLINGO-SUB%20id%3D%22lingo-sub-2069664%22%20slang%3D%22en-US%22%3Eadd%20lets%20encrypt%20R3%20as%20trusted%20root%20certificates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2069664%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22%22%3Ewhen%20is%20the%20roadmap%20to%20add%20lets%20encrypt%20R3%20and%20E1%20as%20trusted%20root%20certificates%3C%2FP%3E%3CP%3EI%20am%20receiving%20certificate%20not%20valid%20for%20newly%20generated%20certificates%20from%20LetsEncrypt%20in%20Edge%20browser.%20I%20don't%20receive%20the%20same%20error%20in%20Chrome%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2076883%22%20slang%3D%22en-US%22%3ERe%3A%20add%20lets%20encrypt%20R3%20as%20trusted%20root%20certificates%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2076883%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F932665%22%20target%3D%22_blank%22%3E%40vairakkumarHF%3C%2FA%3E%26nbsp%3BHello!%26nbsp%3B%20I'm%20currently%20not%20aware%20of%20any%20issues%20with%20Let's%20Encrypt%20and%20Microsoft%20Edge.%26nbsp%3B%20Is%20there%20any%20more%20information%20you%20can%20provide%3F%26nbsp%3B%20Is%20there%20a%20website%20we%20can%20test%20that%20will%20reproduce%20the%20issue%3F%26nbsp%3B%20Thanks!%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E-Kelly%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

when is the roadmap to add lets encrypt R3 and E1 as trusted root certificates

I am receiving certificate not valid for newly generated certificates from LetsEncrypt in Edge browser. I don't receive the same error in Chrome

4 Replies

@vairakkumarHF Hello!  I'm currently not aware of any issues with Let's Encrypt and Microsoft Edge.  Is there any more information you can provide?  Is there a website we can test that will reproduce the issue?  Thanks! 

 

-Kelly 

@Kelly_Y 

Don't know what the problem was, it is no longer occurring in Microsoft Edge and it is displaying the certificate path accurately.

Thanks

 

@Kelly_Y 

This intermediate CA cert from LE is not found:

DST Root CA X3
 - R3 (

CN = R3
O = Let's Encrypt
C = US

)

 

whereas the following is found:

DST Root CA X3

- Let's Encrypt Authority X3 (

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US

)

So, it appears that it displays untrusted certificate that is a leaf issued based on R3.

 

 

@vairakkumarHF For clarity, on Windows today, both Microsoft Chrome and Microsoft Edge defer certificate trust decisions to the Windows Trusted Root Store; if Chrome trusts the cert, so will Edge, and vice-versa.

 

For debugging certificate trust issues, sharing the full built-chain is very helpful; https://textslashplain.com/2017/03/30/get-help-with-https-problems/