It was a quiet morning here until a customer let us know that one of their users encountered a “Certificate Error” while accessing their site. I immediately checked our AutoSSL configuration in WHM to see if we had a problem brewing.
Nope. All looked good.
I asked for a screenshot of the error. It revealed the source of the problem: an old version of Windows XP and Internet Explorer 8. In my case, we use SSL certificates from Let’s Encrypt – pretty much the standard around cPanel installations. Not every OS/Browser combination is compatible with these or any other certificates. From the Let’s Encrypt website:
Known Compatible
- Mozilla Firefox >= v2.0
- Google Chrome
- Internet Explorer on Windows XP SP3 and higher
- Microsoft Edge
- Android OS >= v2.3.6
- Safari >= v4.0 on macOS
- Safari on iOS >= v3.1
- Debian Linux >= v6
- Ubuntu Linux >= v12.04
- NSS Library >= v3.11.9
- Amazon FireOS (Silk Browser)
- Cyanogen > v10
- Jolla Sailfish OS > v1.1.2.16
- Kindle > v3.4.1
- Java 7 >= 7u111
- Java 8 >= 8u101
- Blackberry >= 10.3.3
- PS4 game console with firmware >= 5.00
Known Incompatible
- Blackberry < v10.3.3
- Android < v2.3.6
- Nintendo 3DS
- Windows XP prior to SP3
- cannot handle SHA-2 signed certificates
- Java 7 < 7u111
- Java 8 < 8u101
- Windows Live Mail (2012 mail client, not webmail)
- cannot handle certificates without a CRL
- PS3 game console
- PS4 game console with firmware < 5.00
However – there is another wrinkle to this. NO Windows XP system, even running SP3 supports Server Name Indication (SNI). SNI allows multiple domains on one IP address to support HTTPS browsing. If SNI is in use, XP machines can only connect to the first domain added in AutoSSL without generating an error.
Generally it’s safe to tell users blocked by these issues to click past the warnings and continue to the site.
We explain to clients that it’s more important to support users of Google than Windows XP pre-SP3. Frankly these old systems shouldn’t even be connected to the Internet as they are unsupported.
After 12 years, support for Windows XP ended April 8, 2014. Microsoft will no longer provide security updates or technical support for the Windows XP operating system. It is very important that customers and partners migrate to a modern operating system such as Windows 10.