SSL Checker is not trusting Auth0 SSL certificate

Problem statement

We checked our tenant’s domain in an online SSL checker and noticed a warning that the certificate chain is not complete.

Steps to reproduce

Visit Check SSL Certificate and enter any Auth0 domain (except a self-managed Custom Domain).

Solution

This issue is usually due to some SSL checkers not recognizing ISRG Root X1 as a valid root certificate. ISRG Root X1 is the root cert for Let’s Encrypt SSL certs, which are used in Auth0 canonical domains and Auth0-managed Custom Domains.

All modern trust stores (operating systems, servers, browsers) should trust that cert. The below doc from Let’s Encrypt explains this:

If you don’t like having a Let’s Encrypt certificate, you can bring your cert using a Self-managed Custom Domain.