root CA certificate not allowing connection?

Hello all,

I am trying to create a secure connection through an insecure service. I have the ISRG Root Certificate included in the client connection, however the connection is still being refused. Unfortunately, I am using a low-level library that does not tell me the cause of the error - just that one exists. This same root certificate works for verifying separate sites with the same root authority, but not inrupt. If someone could explain what I’m missing, it would be pretty helpful.


Maybe try to look at the certificate chain of one that works with your library and one that does not work. For instance with this command: openssl s_client -showcerts -connect Maybe you’ll find a difference here.

It looks like it uses Let’s Encrypt. Do other websites with Let’s Encrypt work?

The ISRG Root X1?
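
Added example, not part of the original posts: one way to carry out the chain comparison suggested above is to parse the `Certificate chain` section of `openssl s_client -showcerts` output from a working and a failing server and compare the issuers. The two sample outputs are constructed with placeholder names, and the function names are this example's own.

```python
import re

# Constructed stand-ins for the "Certificate chain" section that
# `openssl s_client -showcerts` prints (PEM bodies left out); all names are placeholders.
WORKING = """Certificate chain
 0 s:CN = works.example
   i:C = US, O = Example CA, CN = Example Intermediate 1
 1 s:C = US, O = Example CA, CN = Example Intermediate 1
   i:C = US, O = Example CA, CN = Example Root
---
"""
FAILING = """Certificate chain
 0 s:CN = fails.example
   i:C = US, O = Example CA, CN = Example Intermediate 2
 1 s:C = US, O = Example CA, CN = Example Intermediate 2
   i:C = US, O = Example CA, CN = Example Root
 2 s:C = US, O = Example CA, CN = Example Root
   i:C = US, O = Other CA, CN = Other Root
---
"""
SUBJECT = re.compile(r"^\s*(\d+) s:(.*)$")
ISSUER = re.compile(r"^\s+i:(.*)$")

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] in the order the server sent them."""
    chain = []
    for line in text.splitlines():
        m = SUBJECT.match(line)
        if m:
            chain.append([int(m.group(1)), m.group(2).strip(), None])
        elif chain and chain[-1][2] is None:
            m = ISSUER.match(line)
            if m:
                chain[-1][2] = m.group(1).strip()
    return [tuple(entry) for entry in chain]

def summarize(text):
    """Chain length, links where issuer != next subject, and the last issuer."""
    chain = parse_chain(text)
    broken = [d for (d, _, iss), (_, subj, _) in zip(chain, chain[1:]) if iss != subj]
    return {"length": len(chain), "broken_links": broken,
            "top_issuer": chain[-1][2] if chain else None}

def issuer_diff(a, b):
    """Issuer names that appear in only one of the two chains."""
    ia = {e[2] for e in parse_chain(a)}
    ib = {e[2] for e in parse_chain(b)}
    return sorted(ia - ib), sorted(ib - ia)

if __name__ == "__main__":
    print(summarize(WORKING), summarize(FAILING), issuer_diff(WORKING, FAILING), sep="\n")
```

Replace the two constructed strings with the real `Certificate chain` sections captured from each server to see where the chains diverge.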


I don’t fully understand the CA certificate process - the certificate returned by exporting with Firefox is different than the ones returned in the chain by openssl. The one returned by the export in Firefox is the same for and the other test server, though it doesn’t work with in my library. As far as the chaining shown by openssl, what are these if not the ones returned by a browser?

The site I was using for testing was which also uses the Let’s Encrypt certificate, and the library works with it. However, it fails for other Let’s Encrypt certificates.

And yes, the ISRG Root X1 certificate.

On further testing it works with and, but is still giving me the failing connection.


I would have also thought so. It’s probably better to ask on Stack Overflow or another platform, where more people have the required knowledge (at least I wouldn’t know how to help you further, as I only have basic knowledge in this). If you do that, I’d suggest you make a minimal reproducible example so it is easy to debug and help. And also to add the SO link here in case other people here stumble across the same problem and then can easily find the information.