SSL certificate issues on a Windows machine

Question

There are 11 Windows 10 computers in the office but the following issue only happens on one of them.

When accessing some sites in any installed browser (Edge, Chrome and Opera) the browser tells that the SSL certificate of the website is expired or not valid. But the certificates are perfectly fine. All those sites work without any issues on the other machines or on smartphones, etc.. Looks like the machine doesn't like especially the letsencrypt certificates as any site that I tested and that is using a letsencrypt certificate failed to load in the browsers. It says about letsencrypt.org itself that it has an expired certificate. See the picture.

curl reports the same certificate issues. Looks like other websites using other certificates are working fine. It is definitely a local problem because on all the other machines everything works well. I have no idea how to tackle this, where to begin the investigation. I see that the windows on the machine is not yet activated. I don't know whether it matters on this case.

Answer 1

Verify whether the problem system trusts Let's Encrypt's root certificate called ISRG Root X1 by running the following in PowerShell.

Get-Item Cert:\LocalMachine\AuthRoot\CABD2A79A1076A31F21D253635CB039D4329A5E8

If it's not found, download it from here (HTTPS) or here (HTTP) and import it into the OS's Trusted Root store by right-clicking the file and selecting Install Certificate.

Normally, Windows 10 should automatically download root certificates that are part of Microsoft's Trusted Roots program. But configuration or network issues can cause that process (which relies on Windows Update) to break.