Problem statement
We checked our tenant’s domain in an online SSL checker and noticed a warning that the certificate chain is not complete.
Steps to reproduce
Visit Check SSL Certificate and enter any Auth0 domain (except a self-managed Custom Domain).
Solution
This issue is usually due to some SSL checkers not recognizing ISRG Root X1
as a valid root certificate. ISRG Root X1
is the root cert for Let’s Encrypt SSL certs, which are used in Auth0 canonical domains and Auth0-managed Custom Domains.
All modern trust stores (operating systems, servers, browsers) should trust that cert. The below doc from Let’s Encrypt explains this:
If you don’t like having a Let’s Encrypt certificate, you can bring your cert using a Self-managed Custom Domain.