I keep getting this warning to my website on google search on my android phone and it wont connect

Your connection is not private…. NET: ERR_CERT_AUTHORITY_INVALID

and It crosses out https when I look

It works fine on my PC when I search on that…

It has only just started after an automatic update to simple Https… I have disabled that on website (as I have https with cloudflare) but it has made no difference and it worked fine before any advice please?


Which Android version are you using?

Recently a Let’s Encrypt root certificate was renewed and older versions were not updated.

Let’s Encrypt’s root certificate has expired, and it might break your devices – TechCrunch

Rather a workaround than a fix, but make sure your naked domain DNS record is proxied (:orange:), that should probably “fix” it.

I don’t get an error, this is what I see

Could you provide a screenshot of the error you get and/or steps to re-create it?

You didn’t read what I wrote earlier, did you? :wink:

Yeah I didn’t (until now)

Hi Sandro
Thanks for your help
Sorry I didn’t get back to you sooner, I live in Cambodia and we are 12 hours in front of US time and I need my beauty sleep… a lot … ha ha.
I am not too bright with computers and the language and I dont get on well with smartphones… they maybe smart… me not so much Do I install letsencrypt? and I am not sure what this means
but make sure your naked domain DNS record is proxied (:orange:), that should probably “fix” it.

I tried again on my phone and tapped the top. where the https was crossed out.
It said the same as the lets encrypt info and certificate is not trusted. It also said go to settings - site settings- insecure content and change that but I dont have in secure content on my site settings.
I dont know how to take a screen shot on phone and send it as I havent joined my phone with pc.
I did get the site up but there were no images on it.

On my PC it works fine.

any advice? keep it simple please
kind regards

Beauty sleep is important :slight_smile:

The main question really is which Android version you are using. If it’s one mentioned in the link, you’ll have that root certificate issue.

To “fix” that you need to go to your DNS settings and make sure that the record for your naked domain is proxied and not unproxied, :orange: instead of :grey:.

That will route all traffic through the proxies (as it is already done with the www record) where you’ll get the proxy certificate instead, which appears to have been issued by a different CA.

Again, that is rather a workaround than a fix, as it will simply change the CA and your phone will still complain about Let’s Encrypt certificates, but that’s something only an update of your phone can fix.

Thanks Sandro
I checked DNS and the top two said DNS only so I changed to proxy settings. Is that correct? The third already had proxy settings.
Attached screenshot … I can do them with pc
Do I also need to re activate the simple DNS plugin on my wordpress site.?
If it is okay on most phones I wont worry. I dont want to change to a new phone as I dont use it that much… only occasionally to check on my mobile friendly website… Still pissed off I swapped my nokia phone…
kind regards

mail should most likely not be proxied. Only web-related records should be proxied.

Thanks Sandro
I unproxied mail and got a warning ( screenshot 1) so I unproxied the one underneath and warning went away screen 2… this was how it was when I first started. should I do that or proxy them both?
kind regards

Ignore the warning and proxy the naked domain again.

1 Like

Thanks Sandro
I will do that but that affect the mail?
It goes through blue host
kind regards

You mean leaving mail unproxied?

no proxied… whatever that means ha ha

Well, as I mentioned earlier, only web-related records should be proxied. Everything else needs to be unproxied.

Thanks Sandro
Is this correct now?
Where do they find these names?
If Ive been proxied several years ago … the doc would have given me a jab of penicillin… yep … an old fart… ha ah
kind regards

mail is still proxied.

Where does who find which names?

Bottom line, as I mentioned a few times already, only web-related records should be proxied. Anything that does not handle web related content (e.g. mail) must not be proxied.

Hi Sandro
Still confused
Is it screenshot 1… 2 … or 3

This is the correct one.

kind regards and stay safe

1 Like