-
Notifications
You must be signed in to change notification settings - Fork 874
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing ISRG (Let's Encrypt Root) on some Windows 11 Installation #612
Comments
And the OS information
|
See more at Let's Encrypt Chain of Trust page. |
Strange. According to Microsoft's Trusted Root Program, ISRG Root X1, ISRG Root X2 and many other root certificates are on the list. Perhaps the list you get from powershell stores which trusted root certificates have been used/found. If that's the case, then if you use HTTPS to access a web page with a certificate provided by letsencrypt, the ISRG root certificate will appear on the list. |
Oh, I did not see that. |
Yes. It only happens on some installations of windows 11, but not all. And in some installation, cumulative update will fix this issue. I recommended use |
And it (missing ISRG X1 Root) also happens to some old Android release prior to 7.1.1 according to this post https://www.webmasterworld.com/webmaster/5015781.htm |
It is an OS-related issue, not naiveproxy's.
For most of forwardproxy users, it is likely to use Let's Encrypt Root for free SSL ceritificates. However, in the some latest Windows 11 installation, the CA (named ISRG) is missing. For my case, I created a new Windows 11 VM from Parallels Desktop inside a m3 macbook and found the ISRG CA missing in ROOT certificate store.
I did something like in PowerShell:
You can find the ISRG CA is missing. For naiveproxy, it will prevent TLS connection from establishing with the forwardproxy server. And I also tried Windows 11 23H2 iso in a physical machine, it also produced the same SSL error.
By installing the cumulative update, the problem was resolved. Not sure how it might affects naiveproxy users. But that's an issue (maybe not so large).
The text was updated successfully, but these errors were encountered: