SSL Checker is not trusting Auth0 SSL certificate

lihua.zhang · April 12, 2023, 5:27pm

Problem statement

We checked our tenant’s domain in an online SSL checker and noticed a warning that the certificate chain is not complete.

Steps to reproduce

Visit Check SSL Certificate and enter any Auth0 domain (except a self-managed Custom Domain).

Solution

This issue is usually due to some SSL checkers not recognizing ISRG Root X1 as a valid root certificate. ISRG Root X1 is the root cert for Let’s Encrypt SSL certs, which are used in Auth0 canonical domains and Auth0-managed Custom Domains.

All modern trust stores (operating systems, servers, browsers) should trust that cert. The below doc from Let’s Encrypt explains this:

If you don’t like having a Let’s Encrypt certificate, you can bring your cert using a Self-managed Custom Domain.

Topic		Replies	Views
Expired Certificate Errors from Certificate Authority Changes Knowledge Articles certificate , expire , ca	1	3187	December 15, 2022
Your certificate has expired! Help	3	2808	October 16, 2021
Getting Curl error 60: expired cert all of a sudden when using PHP SDK and calling https://xxx.us.auth0.com/oauth/token Help user-profile , user-management	6	2160	December 9, 2022
Auth0 Managed Certificates for Custom Domains Knowledge Articles certificate , custom-domain	1	1560	March 7, 2023
Auth0 is Down for all our Environments and all our Users are reporting an outage! Help login-experience , login-prompt-new-experience	18	4203	December 9, 2022

SSL Checker is not trusting Auth0 SSL certificate

Problem statement

Steps to reproduce

Solution

Related Topics