Issue with SSL in mobile Chrome

Website, Application, Performance Security
1

Hi all

I have an issue with SSL on mobile,

  1. I see the following error in different devices of the same location. Cleared history and checked in incognito

  2. I checked with my partner Ezoic and they don’t see the error

  3. Moreover, I have asked others to check with Apple and Android from different locations in the country and they don’t see the error.

Can this be a local network error?
Any idea how to fix it?

ERROR DESCRIPTION

NET::ERR_CERT_AUTHORITY_INVAL

2023-05-13 a las 15.04.49
2023-05-13 a las 15.04.49811×1280 54 KB

I have checked with Qualys SSL Labs the result is B
https://www.ssllabs.com/ssltest/analyze.html?d=surdelsur.com
This server’s certificate is not trusted by Java trust store (see below for details).
This server supports TLS 1.0 and TLS 1.1. Grade capped to B

check
check1308×605 69 KB

The system is Android 8.1.0 with Chrome I checked the browser and seems ok
https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

I have checked the following but I don’t know what to look for.
https://surdelsur.com/cdn-cgi/trace

fl=363f41
h=surdelsur.com
ip=181.88.176.131
ts=1684003938.913
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
colo=MIA
sliver=none
http=http/3
loc=AR
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

Your opinion would be much appreciated

4

Universal SSL appears to have onboarded an SSL cert provider which breaks the previously supported older Android devices (My examples are with Android 9).

This has impacted my site too :frowning:

5

Thanks for your answer @downundercoder I was driving crazy. At least now I know what is it.

The other thing: When you check SSL you get B too?

6

Are you still encountering this issue @irene? I know there were issues with old versions of Android Cloudflare Status - DNS over TLS does not resolve on cloudflare-dns.com and that was widely discussed here, DNS hostname not working on android - #20 by aexsmhels.

7

I still see the same error message.
What is weird is that I have other sites in Cloudflare and I see them ok with the same mobile device. I only see this issue with one site: surdelsur(.)com
I didn’t enable the private DNS mode.

1 Like
8

Can you please provide us with your Android/chrome browser version please?

9

Thanks for your answer

Chrome 113.0.5672.77

10

I would like to know, is there any update. I have same issue with one of my sites

1 Like
11

We’re also experiencing this issue.
It seems our certificate now using the authority “GTS CA 2P2” which is not listed on older versions of Android like 7, 8, 9 as a trusted credential.

Has there been any change to Cloudflare’s certificate issuing lately? Our certificate has just been automatically renewed by Cloudflare and we’re facing the issue…

Is it possible to stop using the active Universal SSL to start using the backup? Or generate a new certificate?

12

We’ve just solved the issue by ordering an Advanced Certificate and selecting “Let’s Encrypt” as a Trusted Authority (it costs US$10).

1 Like
13

@joao5 @tigran515200
Well it’s weird
I have 3 sites in the same Cloudflare account from the same origin server, however, only one site has this issue.
If it was the certificate the 3 sites should be affected.

14

how to change ssl certificate from google trust services? Alot of devices cannot reach my site because of the SSL certificate, i know you can pay $10 a month to select your own but is there any other way?

15

Anything going to be sorted about this?

16

We have raised the issue and waiting for acknowledgement from Cloudflare. No update yet.

7 Likes
17

I bet your other sites dont have google trust services as ssl certificate, all my sistes eith google trust services has the issue, other issuers fine

18

Looks like GTS CA 2P2 cert issued by goo gle service is cause of this issue.
Sites with Cloudflare certs appear to work fine.
Some new cloudflare nameservers started using the new gts ca 2p2 cert?

19

I didnt change any name servers and google trust was auto added as certificate to alot of sites, hopeful they can reverse this or fix

20

We also didn’t change any name servers and google trust was auto added as certificate to some of our sites. Those sites are now having issues on some devices.

21

yup android 7 devices here all now throwing certificate errors at me, those devices were crucial to the operation of my website and are now refused access urgent help greatly appreciated.

22

My API domain certificate got renewed on 16th MAY 2023 .Now it is giving issues while some of the android users are using it out Mainly in android version 9 it is saying site is not secure .Please help me out how to mitage it out .My domain that is using is :api.klink.finance