Hello, in the last day or so i am now getting a certificate error from openai when trying to process the AI request. Previously it was working fine and no changes have been made since the error
message
:
“A certificate is required to complete client authentication\r\n”
I am making a call to https://api.openai.com/v1/chat/completions
I installed a new SSL certificate on the server even though the previous one was valid and still didn’t fix it.
you can see the AI on this page https://clientcreator.com/60daysfree/
This is likely a case of needing new LetsEncrypt root certificates, ISRG Root X1, and ISRG Root X2 if it is related to the OpenAI API
EDIT: they are using Google now, not the previous Let’s Encrypt.
When building a client, you may often be unknowingly be using a non-OS cert authentication chain and root certificate store, such as certifi in Python.
That is, if it is not simply “API broke”.
Determine if you are discussing an error with your API backend making a https/2.0 ECDSA client call to OpenAI, or if it is your own client’s browser connection to your server that is erroring out due to unsupported expired certs or crypto algorithms or such.
Does your tool chain have updated https API libraries you can use or patch, or has it not been made current by the vendor?
Google (gemini) says: Microsoft no longer supports Classic ASP, and it has become outdated…
Thanks for the reply. I have verified that I have both ISRG Root X1 , and ISRG Root X2 installed on my local machine (this is where I am testing possible fixes). I have restarted IIS, but still get the same error.
Anyone know how we can contact OpenAI support? Looks like a change has been made at their end which has caused Classic ASP calls to their API to fail.
It looks like for API, OpenAI is now using Google Trust Services as a certificate provider. Same for ChatGPT.
I haven’t been paying any attention since the last round of breakage due to X1 chain problems to know if this was just switched, upgraded, or if something expired on you.
Signature Algorithm: ECDSA with SHA-256 (openai), version 3 → ECDSA with SHA-384 (WE1) → ECDSA with SHA-384 (GTS Root R4)
Technical Details
Connection Encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3)
I also have a Let’s Encrypt certificate. Is it possible that openai has stopped trusting these certificates?? This would then be unrelated to the Classic ASP platform.
A certificate for securing connections between your web server and browser client customers?
That would not be applicable for outbound “client” API requests to the OpenAI API server.
HTTPS is based on a chain of trust. There’s like 1000 certificate authorities generally “trusted”, loaded into browsers like Firefox, and necessarily also needed by coded client applications that also make secure connections. Those CAs then issue to intermediaries, who finally give you or OpenAI a trusted certificate (instead of a self-signed “untrusted” certificate, for which you have to install a certificate into that store).
That collection of device, OS, or browser root certificates can become obsolete, as it did when Let’s Encrypt switched to a root certificate not in Android 7 or before.
You should not need to install anything if you are keeping a root certificate store up-to-date. It depends on the backend mechanism and code being used to make those outbound API calls. (Or if you have a server based on Windows 8 code, that even needs updates to support modern crypto.)
People (unexpectedly) using ASP are gathered here with pain. Nobody else is reporting an issue. The source of “A certificate is required to complete client authentication”? Is that an actual OpenAI API error message returned by the API? Answering that will let you know how to proceed.
Same problem here … was working yesterday and now it isn’t … using ASP Classic with MSXML2.ServerXMLHTTP.6.0 and getting an msxml6.dll error ‘80072f0c’ A certificate is required to complete client authentication error from the script … have 2 other APIs being called on that same page and they’re both working fine as they were before (same code, different URLs and authorisations obvs).
“A certificate is required to complete client authentication” - this is not an OpenAI API error message no, rather it is the Classic ASP code (the MSXML2.ServerXMLHttp.6.0 module) that is throwing the error - presumably when trying to open the connection to the API endpoint.
Yes it is … but something has changed OpenAI end as both myself and others on this thread have had it working perfectly until yesterday and none of us have done any changes to our code or servers. So what has changed OpenAI end and is it reversible?
According to Le Juste Web over 1.5 million websites and business applications are coded in Classic ASP. Hopefully, OpenAI can look into reversing this or allowing Classic ASP application to continue using its services.
Thank you very much for the information, we are having the same issue as the others.
Sorry in advance if the question is to dumb, but, if I download the certificate and install it on my computer (the R4), shouldnt it make it work?
Thank you very much in advance
Same here, so far nothing helps… I am setting up a watcher here in case anyone finds the answer. In the meantime I am going to build a COM object in C# to try to overcome the issue… will keep you posted…
Hi! We are actively investigating this issue and recently reverted a change that may have caused this. Could you let us know if you are still seeing this issue? Also, if anyone’s able to provide a HAR file that contain logs of your failed requests (via DM works), that would be greatly appreciated.