offbyone · Posted October 5, 2021

Hi.

One of our customers is getting a lot of "Certificate Revoked" errors from ESET Antivirus since 1.10.2021. Accessing these sites not via ESET does not show any problem. What seems to be common to all these sites is that they are using Let's Encrypt and OCSP Stapling. Here is one example: https://app.softgarden.io

Any ideas how to track down the problem? THX a lot.

GrantG · Posted October 5, 2021 · Solution

This will be due to the Let's Encrypt "DST Root CA X3 DST" certificate authority expiring on the 30th September. We have the same issue with 1 of our customers who use ESET Endpoint Security. None of our other customers have issues.

Even though our certificate is valid, ESET gives the same error and prevents access because one of the 2 paths has now expired. Seems to be that ESET doesn't check the new/current cert authority "ISRG Root X1" for the multi-path Let's Encrypt certs, or something like that.

I am going to renew our certificates early to remove reference to the old cert authority to see if that fixes the issue.

Marcos (Administrators) · Posted October 5, 2021

> 1 hour ago, offbyone said:
> Here is one example: https://app.softgarden.io

Seems to be fixed, no issues here:

offbyone (Author) · Posted October 5, 2021

That is what Let's Encrypt posted regarding root cert expiration: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

offbyone (Author) · Posted October 5, 2021

To track down the problem, is there an easy method to disable HTTPS inspection on the ESET client? I tried to pause Web-Protection on the client for 10 minutes; however, I see that the website is still signed by the ESET proxy cert.

Marcos (Administrators) · Posted October 5, 2021

> Just now, offbyone said:
> To track down the problem, is there an easy method to disable HTTPS inspection on the ESET client. I tried to pause Web-Protection on the client for 10 minutes however I see that the website is still signed by the ESET proxy cert.

Did you restart the browser? Tried clearing cache?

offbyone (Author) · Posted October 5, 2021

Yes, I tried both but it doesn't help, neither FF nor IE.

GrantG · Posted October 5, 2021

I've manually renewed the Let's Encrypt certificates in question now and the optional expired path in the chain has now gone. This should resolve the client issue with ESET for us, although I do question if it should have been necessary as the certificates were still valid.

Anyway, I hope this helps.
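
Whether a server still serves the optional path that ends at the expired root, as discussed in the posts above, can be checked from the chain summary that `openssl s_client -showcerts` prints. The following is an added example, not code from any poster or from ESET; the sample output, host name and dates are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample shaped like the "Certificate chain" summary printed by
# `openssl s_client -showcerts` (OpenSSL 3.x). Host name and dates are made up.
SAMPLE_LONG = """\
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Let's Encrypt, CN = R3
   v:NotBefore: Sep 20 00:00:00 2021 GMT; NotAfter: Dec 19 00:00:00 2021 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   v:NotBefore: Sep 04 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
"""
# The same constructed server after renewal: the cross-signed certificate is gone.
SAMPLE_SHORT = SAMPLE_LONG.split(" 2 s:")[0]

ENTRY = re.compile(
    r"^\s*\d+ s:(?P<subject>.*)\n\s+i:(?P<issuer>.*)\n(?:\s+a:.*\n)?"
    r"\s+v:NotBefore: .*?; NotAfter: (?P<not_after>.*)$", re.M)

def common_name(dn):
    """Pull the CN out of a distinguished name such as 'C = US, CN = R3'."""
    m = re.search(r"CN\s*=\s*([^,\n]+)", dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return the served certificates, in order, as dicts."""
    chain = []
    for m in ENTRY.finditer(text):
        expiry = datetime.strptime(m["not_after"].strip(), "%b %d %H:%M:%S %Y GMT")
        chain.append({"subject": common_name(m["subject"]),
                      "issuer": common_name(m["issuer"]),
                      "not_after": expiry.replace(tzinfo=timezone.utc)})
    return chain

def audit_chain(text, now, expired_roots=("DST Root CA X3",)):
    """List served certificates that are expired or chain to an expired root."""
    findings = []
    for cert in parse_chain(text):
        if cert["not_after"] < now:
            findings.append(f"{cert['subject']}: expired {cert['not_after']:%Y-%m-%d}")
        # In this sample the cross-signed certificate is still in date, so only
        # its issuer name shows that the served path ends at the expired root.
        if cert["issuer"] in expired_roots:
            findings.append(f"{cert['subject']}: issued by {cert['issuer']}")
    return findings
```

An empty result from `audit_chain` for a server's output means the served chain no longer references the expired root, which is the state described after the manual renewal.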

offbyone (Author) · Posted October 5, 2021

> 33 minutes ago, GrantG said:
> Anyway, I hope this helps.

Indeed it did. This was the missing hint to get to the root of the problem. THX again.