Let's encrypt certificate, Python and Windows

Question

I changed my Webserver from HTTP to HTTPS with "Let"s Encrypt". The Webserver contains an API, and I have an Python application, which uses the API.

Under Linux is all fine, but under Windows I receive this below, when I'm logging in.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

My thought was, that the SSL certificate isn't installed.

So I downloaded the "isrgrootx1.der" and "lets-encrypt-x1-cross-signed.der" renamed both to the ending "*.cer".

Then I opened the Windows console, and run this:

certutil -addstore "Root" "isrgrootx1.cer".
certutil -addstore "Root" "lets-encrypt-x1-cross-signed.cer".

The second command failed, because it isn't a root certificate. My question is: In which group has the "lets-encrypt-x1-cross-signed.cer" to be installed?

Could you check the answer and see if it works for you @clausismus ? — Sreetam Das, Jun 01 '17 at 06:19

score 0 · Answer 1 · answered Oct 13 '17 at 23:37

You shouldn't need to add "lets-encrypt-x1-cross-signed.cer" to your Windows machine, since it's only an intermediate certificate. And you shouldn't need to add "isrgrootx1.cer" either, since Let's Encrypt certificates chain to "DST Root X3", which is already included with Windows.

Most likely your web server was not configured to send the intermediate certificate. If you're using Certbot, for instance, you'll want to configure your web server using "fullchain.pem" rather than "cert.pem".

Let's encrypt certificate, Python and Windows

1 Answers1