Vivaldi, letsencrypt SSL error

vmin · March 6, 2026, 12:31am

SYSTEM INFORMATION
OS type and version	Operating system** AlmaLinux 9.7
Virtualmin version	8.1.0

when using the Vivaldi browser, it won’t load certain web sites due to an SSL error despite that SSL Labs says the certs are fine (A+) - this does not happen with Firefox

Your connection to this site is not secure.

my cert is from LetsEncrypt (ECC)

example site: 12bytes.org

Joe · March 6, 2026, 12:55am

I think this is a question for the Vivaldi folks. I don’t see any problems:

$ openssl s_client -connect 12bytes.org:443
Connecting to 144.208.127.145
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E8
verify return:1
depth=0 CN=12bytes.org
verify return:1
---
Certificate chain
 0 s:CN=12bytes.org
   i:C=US, O=Let's Encrypt, CN=E8
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Mar  5 23:19:14 2026 GMT; NotAfter: Jun  3 23:19:13 2026 GMT
 1 s:C=US, O=Let's Encrypt, CN=E8
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDnTCCAyKgAwIBAgISBmh5xrVSZLGsTQ5973wKvVc1MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
ODAeFw0yNjAzMDUyMzE5MTRaFw0yNjA2MDMyMzE5MTNaMBYxFDASBgNVBAMTCzEy
Ynl0ZXMub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0SyimSrEdYpqh+/P
+rybm7VS+iHLNLLFcf/FjTPrCJQ2CoKb/RFuY6ZP8bQWGHzFgk8A+HOGnzn0j5RH
FEucSaOCAjIwggIuMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcD
ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTY3rAauZuq65J4eTmM8ZM+H6R0qjAf
BgNVHSMEGDAWgBSPDROi9i5+0VBsMxg4XVmOI3KRyjAyBggrBgEFBQcBAQQmMCQw
IgYIKwYBBQUHMAKGFmh0dHA6Ly9lOC5pLmxlbmNyLm9yZy8wOQYDVR0RBDIwMIIL
MTJieXRlcy5vcmeCEG1haWwuMTJieXRlcy5vcmeCD3d3dy4xMmJ5dGVzLm9yZzAT
BgNVHSAEDDAKMAgGBmeBDAECATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTgu
Yy5sZW5jci5vcmcvNTQuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAyzj3
FYl8hKFEX1vB3fvJbvKaWc1HCmkFhbDLFMMUWOcAAAGcwIHl+wAABAMARzBFAiBY
Fx3T/UIZYtJ6SdpPKrgwknQCEJ3tBM/8fyEknK6CrAIhAKDrCyKj/bW5UIPLnhgK
q6Nqsqb2RGluixqcjez2hEPyAHYASZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp
6ynd+MMAAAGcwIHtwQAABAMARzBFAiBQIP123F4KyZxAy0PNrvzFLZuN/mnWiwMO
dzmj66ICwAIhAIbMW233fcfCU1Jj3kr6UwjV8sOQIJSsJgbK0nYF7CBlMAoGCCqG
SM49BAMDA2kAMGYCMQCpJoorecyaRGVgvFVV2e6aOg+ydi304qbajPZW/UEvFndx
0YW9iZ52GwLeYWOuJmICMQCaRjhKwDKw/9b0sYzcwDwMNdnof3Fm1z1gdXen4QI7
BKUYsdtsZ13C9XoPxU6MIq8=
-----END CERTIFICATE-----
subject=CN=12bytes.org
issuer=C=US, O=Let's Encrypt, CN=E8
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Peer Temp Key: X25519, 253 bits
---
SSL handshake has read 2424 bytes and written 1637 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 256 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 919910843A26AF50697B683140F9BF6C1DBB6DD6604926E188025DA0D013604A
    Session-ID-ctx:
    Resumption PSK: 51996FE364FBA9AEC626D00ADEB403D51498A5961C3B8301309862BA45BC5A1A1381D6CD0DBCD72D6426A7E4B761EAC1
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ca 39 18 50 a9 b8 b4 22-15 da 9e 3f 29 49 d9 41   .9.P..."...?)I.A
    0010 - aa 89 42 57 ce 6a ba 14-87 50 96 41 87 d8 44 1c   ..BW.j...P.A..D.
    0020 - 31 70 17 77 f0 fa cd 91-4d f1 a9 bf 20 41 6f da   1p.w....M... Ao.
    0030 - 78 ed 31 89 42 fb c7 d1-a9 c1 ab 74 9a 67 1e 63   x.1.B......t.g.c
    0040 - 06 ab bb 01 9c c9 04 ff-64 93 6f 5f 49 54 60 71   ........d.o_IT`q
    0050 - cd ef da bd 98 b1 30 5a-f5 81 85 5e 86 e1 b1 13   ......0Z...^....
    0060 - e8 8e f5 25 2b be 87 8f-d3 dc 60 5e 84 5f 6e e4   ...%+.....`^._n.
    0070 - 4c e1 a4 2c 22 b8 e6 69-b3 d6 9e ad 24 30 31 fd   L..,"..i....$01.
    0080 - 85 cb a7 3b a4 51 97 12-6e d7 7f 98 86 ac 1b 7b   ...;.Q..n......{
    0090 - af 15 85 ab 2b 57 58 5c-07 2d 70 15 8f fb 94 c3   ....+WX\.-p.....
    00a0 - f0 d4 aa ab ff 8f 88 3e-c8 22 97 fb 3c b7 17 c1   .......>."..<...
    00b0 - c5 96 1e 57 1e 6c 7d 95-e9 89 c1 5a e4 78 d5 66   ...W.l}....Z.x.f
    00c0 - aa 0f 56 6c 63 81 da fe-1c dd f5 0d a9 12 88 33   ..Vlc..........3
    00d0 - 09 fd 10 bc af 8e 7a 4a-e0 f8 2b 77 05 13 fa 82   ......zJ..+w....
    00e0 - df 8d ff 09 ca 8b e3 0e-b2 67 3c a0 c6 1d d9 70   .........g<....p
    00f0 - 94 ff 18 48 0c 53 c7 02-2c f1 a4 a1 42 de b1 1a   ...H.S..,...B...

    Start Time: 1772758355
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 661C8D26B9AF2E5E902527DB6C8A75664FA436C68A1318F75858E742BC42D21A
    Session-ID-ctx:
    Resumption PSK: 67AA1ADB2EBC9C31EC5504172092C5E41A25E5911B516741649D22C07B4813FCD375C4F7398E155FD5450EB901805C11
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ca 39 18 50 a9 b8 b4 22-15 da 9e 3f 29 49 d9 41   .9.P..."...?)I.A
    0010 - b8 88 2e 32 26 78 68 f4-80 49 b2 10 09 f7 de 4c   ...2&xh..I.....L
    0020 - 74 f9 44 8d 0a 68 4e e5-4b 30 2a f9 f0 fe eb 36   t.D..hN.K0*....6
    0030 - b4 64 e3 02 e4 0d 18 4a-36 8a 2c e6 c1 93 be 24   .d.....J6.,....$
    0040 - a2 80 17 53 c7 de 83 ef-19 7e 89 84 cd 86 d8 62   ...S.....~.....b
    0050 - 62 08 a6 b3 36 dd 8d 20-df 1f 9e 6d 6c f9 a3 8a   b...6.. ...ml...
    0060 - bc 9f 71 91 80 d6 30 14-94 ff 72 4a b8 7f d0 a2   ..q...0...rJ....
    0070 - 18 7c 7b 76 de 91 9f f3-63 3f 19 d3 d4 f3 ac 48   .|{v....c?.....H
    0080 - 98 99 8d ea 61 02 2e 44-7e 6e b3 7f ff db fa a7   ....a..D~n......
    0090 - 37 7a 8d 0e 61 2e 75 10-f8 13 67 0c ce 95 91 c4   7z..a.u...g.....
    00a0 - d3 6c 9a 20 6b dd 16 2b-33 61 6c 2c df 21 c8 33   .l. k..+3al,.!.3
    00b0 - 75 e1 99 3a 28 a7 70 f2-e7 57 2a 14 3a 66 50 0d   u..:(.p..W*.:fP.
    00c0 - be 24 74 83 56 51 55 29-24 ec 60 52 fd 58 04 92   .$t.VQU)$.`R.X..
    00d0 - 37 b5 c0 37 04 24 76 2d-55 70 41 68 6c d8 12 d3   7..7.$v-UpAhl...
    00e0 - c7 3a ea 34 e7 ef 91 e3-97 68 9e 81 11 be 5c e9   .:.4.....h....\.
    00f0 - 84 19 0d 38 0f b6 7d a5-be ea 7b b8 8e 1a 33 3e   ...8..}...{...3>

    Start Time: 1772758355
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0

In every browser I’m familiar with, you can open up the cert information and find out why it thinks there’s a problem. You should start there. Make sure it’s connecting to the right IP and the right domain name is being served, and see what error you’re getting. Usually it’ll say what’s wrong; e.g. domain mismatch or expired or not valid yet (if your system clock is wrong on either side).

vmin · March 6, 2026, 1:21am

I think this is a question for the Vivaldi folks. I don’t see any problems:

that’s because the problem is me
sorry for the trouble Joe
Vivaldi wanted access to my OS key store but the prompt was under the browser window so i didn’t see it

stefan1959 · March 6, 2026, 1:32am

That’s a weird one, wouldn’t that happen to every site you go to, why would your site be different?

vmin · March 6, 2026, 3:12am

Vivaldi needed permission once to access the KDE wallet subsystem - after that all sites can load

system · March 14, 2026, 3:12am

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.