TransWikia.com

I can’t connect to any secured host which is protected with Lets Encrypt SSL on Windows 8.1

Super User Asked on November 24, 2021

I have problems with Windows 8.1 where I can’t connect to any host which is protected with Lets Encrypt.

  1. IE 11 not working and display this page cannot be displayed.

  2. Executing code from CURL or C# also fails with SSL/TLS handshake
    error.

I have tried to test using OpenSSL

s_client -host 7bdcc6a8-e7c1-49b2-9119-8ff819e17b6e.blrrvkdw0thh68l98t20.databases.appdomain.cloud -port 443 -debug -security_debug

and got an error in results

Verify return code: 20 (unable to get local issuer certificate)

Any idea how to solve this?

The result from OpenSSL

CONNECTED(00000110)
write to 0xf5e69f0ea0 [0xf5e6a14f20] (385 bytes => 385 (0x181))
0000 - 16 03 01 01 7c 01 00 01-78 03 03 c3 6a 1d 7b 63   ....|...x...j.{c
0010 - 65 57 12 5e 11 31 d5 da-ff 9c e6 7d e7 0f cf c5   eW.^.1.....}....
//SKIP
---
Certificate chain
 0 s:CN = icd-prod-us-east-db-a0qmx.us-east.containers.appdomain.cloud
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgISAxdwFWgEzinpzkOMViMbEyRCMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA2MDEwMTEwMTdaFw0y
MDA4MzAwMTEwMTdaMEcxRTBDBgNVBAMTPGljZC1wcm9kLXVzLWVhc3QtZGItYTBx
bXgudXMtZWFzdC5jb250YWluZXJzLmFwcGRvbWFpbi5jbG91ZDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALlP8/SL6yOz4PNZN8vcbxYb4YxBoMGVoqrN
p4pSPXnnATVTkMlY87oLb7tufl0FDj9T0SKY5Avss+kAxnyKvcU1txCHNe6lhDMR
G0oD3rYC4RpPI2PKDEQR7wsQLAu3/G73SHAuq7Vl4uYiAeSxCu9XidE9TRhYlZvP
X/0y1DfJzTxr5jcjThtIynmtJ3t8nOzwPt9UGlf3HOzAq7O4iQDQ9Enw8l64wf3G
qrZdhRwT07AOBeklNsdybq2d2C1p8xCiouBF4RWu59F0W2Vn77oY5+7Qk3wza0G7
gD7yxAnVTDY1T5l7qDuprhBoU3U7G6hyWiN+d1q2Hs9nAtckWuECAwEAAaOCAtIw
ggLOMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU/bBblrAkpgoQl8xkuw4jamr4U+8w
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzCBiAYDVR0RBIGAMH6CPiouaWNkLXByb2QtdXMtZWFzdC1kYi1hMHFteC51cy1l
YXN0LmNvbnRhaW5lcnMuYXBwZG9tYWluLmNsb3VkgjxpY2QtcHJvZC11cy1lYXN0
LWRiLWEwcW14LnVzLWVhc3QuY29udGFpbmVycy5hcHBkb21haW4uY2xvdWQwTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXJtpNATAAAE
AwBGMEQCIBXr+aVSjtiAwTACf6uEHTc/qJtROBj4QKG+ZJw+4DExAiBh1pjwz8VG
K8gAO6pkW23xvUKJA/GNWaywQaApTZcrXAB2AAe3XBvlfWj/8bDGHSMVx7rmV3xX
lLdq7rxhOhpp06IcAAABcm2k0BIAAAQDAEcwRQIgK0OF/KJ9GVHXkTh3Py/0gNGD
aP1s2sJAcnQoCt6+dwwCIQCJhVWyeEYSq7kOJ5moWM3lry9L6L93r4nPkUzkOxx2
MTANBgkqhkiG9w0BAQsFAAOCAQEAfkvxBstsi4tGESy+sfunXhcommsAvHgUapp1
QhuU6NHFpht4jDBz+Q2aM1LALD96rJzsQy7Qpc3HkyzB6gG/hJXhENtYx75PTSUY
Vb/M3EYp7klAksAbBDhEj7o/GJJQdLyPqGK3CLTovrSun9w65jaFlkICHyThAzij
YV7mIlfeSLa/ZW6gSalKy62QxZCro5gtCTy0UnK+OlEajTDwbI2yDC55YxBA9whe
XnMqn7HY3B6u/LUZB5CKJHFrkudOBgRBAj5mrQnrFZ2ub1d8fTplGS0jC5f8sJco
5fWi3ztiprg7R6KnWX5sxPMl4NRH+SttqqARxNcOVMIOyZWkTA==
-----END CERTIFICATE-----
subject=CN = icd-prod-us-east-db-a0qmx.us-east.containers.appdomain.cloud

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3264 bytes and written 465 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
read from 0xf5e69f0ea0 [0xf5e6a0bd03] (5 bytes => 5 (0x5))
0000 - 17 03 03 01 5a                                    ....Z
read from 0xf5e69f0ea0 [0xf5e6a0bd08] (346 bytes => 346 (0x15A))
0000 - 7f 6d 39 89 2a 3c 0b 83-43 dd 34 70 16 8a e0 e9   .m9.*<..C.4p....
0010 - 5d ab 31 2f 0b c6 c3 22-54 a7 22 b5 64 2a 96 75   ].1/..."T.".d*.u
0020 - c2 ce fa d7 a3 55 d0 9f-bd ad bb 06 b6 d5 b7 6e   .....U.........n
0030 - 78 02 0b fc fa 5b ea f9-be 44 cd f0 be 3f 02 09   x....[...D...?..
0040 - 83 74 75 73 b4 96 0e fb-72 dd fc 75 f9 cf e6 06   .tus....r..u....
0050 - 15 0a 20 86 a1 11 fd ec-15 9b 59 1e f0 5a 83 74   .. .......Y..Z.t
0060 - dd 5c 69 09 c4 f6 cc e7-56 f2 77 48 8b f0 3e 12   .i.....V.wH..>.
0070 - 6f d2 85 b8 a6 8b af a8-82 fd 42 0c 8a 4f 2a 98   o.........B..O*.
0080 - 44 8f c4 b1 bb 15 22 ad-68 94 4a de 29 9d 7f 08   D.....".h.J.)...
0090 - 7a 16 f1 f7 24 e2 a8 05-73 bd f5 48 d3 74 12 95   z...$...s..H.t..
00a0 - f3 e4 7b 37 6b 41 03 6c-d5 10 e2 76 41 c0 5b 24   ..{7kA.l...vA.[$
00b0 - 73 55 ad 13 df 86 95 ff-c3 ed 83 9d 46 4e 1b 15   sU..........FN..
00c0 - ea 94 05 ad 00 f3 de fd-d5 5b aa a6 55 a5 1b 5d   .........[..U..]
00d0 - f7 b6 29 b7 96 4d d9 b1-59 4e 97 2e a2 a7 9e 77   ..)..M..YN.....w
00e0 - 24 6d 75 09 c6 9b 22 38-9d b9 86 3b b1 30 23 f9   $mu..."8...;.0#.
00f0 - 6d 7b 48 6e c6 54 1a 12-38 ba 1d 8b cd 18 ea 15   m{Hn.T..8.......
0100 - 03 92 69 06 92 cd 68 33-ef cb 51 1f 11 f3 4b 49   ..i...h3..Q...KI
0110 - df e9 b0 69 47 8a f8 ff-50 31 c8 9b c7 e1 50 b3   ...iG...P1....P.
0120 - 22 8a b8 3c 6b 9d 09 17-87 6b e3 1a ea 62 6a 87   "..<k....k...bj.
0130 - 2d 75 88 fb 6b 73 9c 82-76 87 b3 e2 ef 03 5c b8   -u..ks..v......
0140 - 2a 3e e4 33 55 03 53 40-d0 dc 39 1b 43 52 52 ca   *>[email protected].
0150 - ae bb 51 44 17 f7 c5 57-98 c0                     ..QD...W..
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: F2D113A783DED6C73955EBC9DBE23290DE69ED6AF528EA4563F59BAE84390427
    Session-ID-ctx: 
    Resumption PSK: E04A19DAB3AD0E09224CBF1DDC04385C732A5E3F2B8056269F29D7E916112F8FAFD3C668005483F0666C71182F4AE991
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - 4c 39 8c a2 6f 4f b7 fb-22 4d 5e 75 99 04 2c c7   L9..oO.."M^u..,.
    0010 - b5 9a 5d 04 dc e5 aa a5-83 60 08 41 12 2c cd 69   ..]......`.A.,.i
    0020 - 82 c7 00 6b 5d 6f 80 2c-38 70 38 ae 48 d9 38 ad   ...k]o.,8p8.H.8.
    0030 - 39 d9 0e 0d b1 ca 76 1e-ef 0b 60 9b 5b 84 e4 ad   9.....v...`.[...
    0040 - 38 05 85 8a cc 17 91 40-66 10 b5 5e d7 14 92 02   8......@f..^....
    0050 - 5b 2e 5c b0 e4 0e d2 86-af c2 f1 5d 9a 85 1e a9   [.........]....
    0060 - fd 57 90 84 7f 3a f7 94-fa bf e9 45 aa 8b b8 7c   .W...:.....E...|
    0070 - 32 d9 2f 97 d9 87 52 85-ac 39 41 ae 7e 39 0d 17   2./...R..9A.~9..
    0080 - ca 16 47 ba 88 6e 7a 12-71 03 14 62 0d 1a b8 76   ..G..nz.q..b...v
    0090 - 16 e8 45 65 0e f3 5e 0b-99 32 cd ba 12 c0 e1 ea   ..Ee..^..2......
    00a0 - 7a 1e 79 b9 40 27 2f 2b-86 29 60 af 25 4a 40 2f   z.y.@'/+.)`.%J@/
    00b0 - 91 4e d7 2a a6 26 37 54-35 0b a2 4c da fb 4c bc   .N.*.&7T5..L..L.
    00c0 - 67 ef 3a c3 e9 b6 a5 cb-85 fd 51 a6 e5 28 d2 7e   g.:.......Q..(.~
    00d0 - b8 fc bb 08 01 d9 ab 9a-b8 32 f2 00 ac ba d0 f3   .........2......
    00e0 - e0 95 a8 a1 32 61 4e b5-35 39 52 67 8d 76 6d f0   ....2aN.59Rg.vm.
    00f0 - 79 d2 60 c9 17 02 59 28-24 bb c0 16 08 18 d1 a2   y.`...Y($.......
    0100 - 97 20 ee f9 f5 77 93 9b-70 2f aa bb e8 c1 14 95   . ...w..p/......
    0110 - d4 c3 36 e1 43 62 91 96-0e f5 2d 8f 89 7e aa b3   ..6.Cb....-..~..
    0120 - a4 c5 0f 64 da 7f 58 e3-29 4c ba f1 5f 4b 27 46   ...d..X.)L.._K'F

    Start Time: 1595413991
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
read from 0xf5e69f0ea0 [0xf5e6a0bd03] (5 bytes => 5 (0x5))
0000 - 17 03 03 01 5a                                    ....Z
read from 0xf5e69f0ea0 [0xf5e6a0bd08] (346 bytes => 346 (0x15A))
0000 - 5e 12 01 e3 1f ef fd 74-9b 64 04 a1 c7 0d af b9   ^......t.d......
0010 - 42 60 7c 9c f6 ac b6 86-99 53 f3 0b 1e 11 99 87   B`|......S......
0020 - 6e e7 02 03 59 a9 fe 60-1b e3 9f ea 57 1f 9f ad   n...Y..`....W...
0030 - 15 72 e0 fe 49 cb b5 03-ac 5e 80 86 06 90 28 98   .r..I....^....(.
0040 - 24 21 1b 48 b6 7e 56 bf-2c 4a be d7 60 41 9c 63   $!.H.~V.,J..`A.c
0050 - f4 23 ea b8 da 2e 3e 81-f8 dc 70 c8 5a 17 a2 21   .#....>...p.Z..!
0060 - 30 4d 34 2b 97 82 2e 5a-a3 4d 72 d2 40 27 ca a8   0M4+...Z.Mr.@'..
0070 - 64 4e 33 c9 9c 65 6b 14-ce 12 93 5b f0 77 1e 9a   dN3..ek....[.w..
0080 - 3d 09 98 a1 a3 fa d6 21-7b 9a ce e0 36 96 35 97   =......!{...6.5.
0090 - bb 75 cc c3 f4 6d 0c 38-02 1c 06 ce 3d 2d 2f 54   .u...m.8....=-/T
00a0 - bc 1a 13 f9 01 47 74 a0-54 49 98 09 5d f2 bb 1e   .....Gt.TI..]...
00b0 - ff 2c be 62 9c f3 10 da-6e 38 65 f2 98 7e 18 ac   .,.b....n8e..~..
00c0 - 64 ce 66 5c 43 f0 23 32-52 ec 7b 08 7e c5 83 19   d.fC.#2R.{.~...
00d0 - 97 22 ae 6f c3 4d 9e cf-a4 70 46 4b f3 08 39 50   .".o.M...pFK..9P
00e0 - 0c ba d4 bd 57 7c b9 81-ac b6 a6 a6 ac d9 9b 85   ....W|..........
00f0 - 4e e7 97 b3 23 63 aa 87-a1 f5 08 37 00 ce 6a 07   N...#c.....7..j.
0100 - 1d eb cb 44 f1 77 eb 70-68 d9 ed 35 11 a5 ca e3   ...D.w.ph..5....
0110 - 63 de 47 ee 66 b2 59 03-b2 d8 4d b0 90 12 14 26   c.G.f.Y...M....&
0120 - d2 76 64 65 72 6a 72 11-5f fd 13 ba 8f 18 e5 d7   .vderjr._.......
0130 - 5e 32 d4 4f 50 ab e2 36-ab e8 d6 04 43 65 2a 88   ^2.OP..6....Ce*.
0140 - e7 91 81 39 f7 bd 27 b4-c5 c7 4a fc a9 7a 82 2e   ...9..'...J..z..
0150 - bd bd af 8d b2 1a 58 8a-80 e5                     ......X...
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: E30D3E8C3D51CDD637910201E78CC5FA5DDFCAA75DB475F11B32FFA9FA94E6DA
    Session-ID-ctx: 
    Resumption PSK: 9D0A84FA48606A445C1D00A9AB9C94A10C69FE083F354096ABE3F5D1D0179CCD4B66415D4576DE85D95995A61F30B3F0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - 4c 39 8c a2 6f 4f b7 fb-22 4d 5e 75 99 04 2c c7   L9..oO.."M^u..,.
    0010 - 24 46 ff 7a 2a 6f 77 6b-7f 00 02 75 0a e5 1b 2a   $F.z*owk...u...*
    0020 - 89 7e 98 61 a2 d2 22 54-e1 cf 7b 84 fa 8d 43 6c   .~.a.."T..{...Cl
    0030 - 0a 44 21 bb de f6 b0 c8-de ab 60 6c e7 5e 54 10   .D!.......`l.^T.
    0040 - b5 41 71 53 73 19 ad dc-dc 22 e0 15 1f ab 2f 3c   .AqSs...."..../<
    0050 - f2 5d dc 18 a0 5e 0e 71-26 47 be 08 1f 6b 90 33   .]...^.q&G...k.3
    0060 - de 95 da f3 5b 4b 63 e6-33 d4 0b 10 4b 3c f1 c1   ....[Kc.3...K<..
    0070 - f2 14 c8 21 42 d7 fc a8-86 31 56 b8 3b 9e d7 37   ...!B....1V.;..7
    0080 - d5 9c c2 3a c7 89 52 36-75 80 4f 0c eb 7f 97 3e   ...:..R6u.O....>
    0090 - ec 31 3e 74 05 56 fa 12-08 ac 19 73 1e 6a 3b 81   .1>t.V.....s.j;.
    00a0 - 1d 2d 53 96 94 fc a6 08-0c 02 c1 6a d6 ec ed 93   .-S........j....
    00b0 - b3 62 9c 66 41 9a fa 3c-67 53 b0 0e 6e 23 59 66   .b.fA..<gS..n#Yf
    00c0 - 13 73 a4 d2 92 c9 01 6d-ba af 43 d1 29 63 00 7b   .s.....m..C.)c.{
    00d0 - e5 00 0f 3f 72 07 08 7e-b0 6b f7 d4 d8 b8 30 22   ...?r..~.k....0"
    00e0 - e6 03 f1 d9 68 6c c6 67-d0 b3 84 0c fd de 9d 61   ....hl.g.......a
    00f0 - ae ee a1 96 ea 61 66 5f-7c 92 a6 41 f4 4b f4 d7   .....af_|..A.K..
    0100 - 83 2a a4 b9 3c 57 98 0c-cb 52 bb c0 f5 fd 6a c4   .*..<W...R....j.
    0110 - 8b bf d0 e2 59 ab 79 59-32 49 89 3d de a6 81 b4   ....Y.yY2I.=....
    0120 - a5 85 fa d3 4b bb 7f 31-f0 48 19 60 35 4f c4 3a   ....K..1.H.`5O.:

    Start Time: 1595413991
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

One Answer

it seems an issue related specifically to your workstation not global windows 8.1

have a look at https://community.letsencrypt.org/t/unable-to-get-local-issuer-certificate/101044 it explains full details which doesn't make sense to copy them all here :)

good luck

Answered by Bashar Al-Abdulhadi on November 24, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP