“Your connection is not private” error messages
Since 30 September 2021, a LOT of you are seeing that all too familiar “Your connection is not private” error message, something like this:
Some of you are experiencing the issue with your own sites, but the reality is, it’s causing issues with a LOT of sites.
Before we get into the fix it’s important to note … this message does not mean you’ve been hacked!! All it means is that your computer is unable to view the site securely.
Why is it happening?
On 30 September 2021 the root certificate used by Let’s Encrypt expired. Huh? What does that mean?! This article explains it in a very techy way, but the more important question is … how do I fix it?
How do I fix it?
Users with the latest devices will be unaffected, but you may need to upgrade.
Depending on the model and year of your computer, you may be able to update your operating system. If you can’t upgrade the OS, you may need to consider buying a new device.
If you’re on a new supported operating system, you may also want to check that you are using one of the latest browsers too. You can do this by visiting https://updatemybrowser.org/. Here you can check which browser you are using, and whether it is up to date. In summary, if you’re not using one of these major browser versions, then you are probably not up-to-date:
- Chrome 94
- Safari 15
- Edge 94
- Firefox 92
- Opera 79
I asked SureSupport, this is what they said …
The warnings you see are related to a change that one of the global SSL certificate providers (Let’s Encrypt) made on Oct 1, 2021. One of their root certificates expired. As a result, some older software packages are not able to trust the certificates through their current root certificate as they do not have it in their repositories. Some details about this are available at:
https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Basically, some outdated operating systems, browsers, and email software applications appear to be affected. To resolve this on your end, you should update the operating system/browser/email software application where you have this issue to the latest available version.
I asked Squarespace, this is what they said …
Hello there, thanks for reaching out to us. I see some of your clients are seeing SSL issues across their sites- I can help here.
Recently, Let’s Encrypt, our SSL provider, expired their root CA certificate. Root certificates are built into a device’s operating system and they’re generally updated as part of the process to update a device’s OS.
Because some older devices don’t automatically receive the new certificates, this means that some users with older operating systems and browsers may now experience site loading issues or run into security warnings and SSL errors when viewing or editing their sites.
To ensure that your clients are using the latest version of their browsers and operating systems, they can visit this guide: