SSL connect error

same issue.
i even used vpn and even generated a new root certificate (cause i was playing with ssh keygen and some other stuff a while back which is not even related and got me suspicious that i accidently messed the w10 up somehow) and both of them did not work.

Same issue.
Checked:
-System time&date
-System and external firewalls
-Installed certificates
Did not help.
It seems the client tries to connect to some specific resourse on the internet to check that certificate (it is required to access patch.poecdn.com) and it fails. Probably that certificate on that specific resourse expired or not trusted anymore for some reason.
If there is a chance that changing route will change the resourse required for certification than yes, VPN might help.
I still dont use any and to be honest dont want to.
Support told me to post in here. So I did.
Please fix it.

up

I get this problem from time to time.

What solves it for me is allowing lsass.exe (Keylso, SamSs, VaultSvc) inbound/outbound connections in my firewall. I have it set to block; it might just default that way, depends on individual setups/programs installed, etc.

After updating, I remove the rule and/or set it to block again. Hope that helps someone.

same only steam works

"

xodrul#4702 wrote:

I get this problem from time to time.

What solves it for me is allowing lsass.exe (Keylso, SamSs, VaultSvc) inbound/outbound connections in my firewall. I have it set to block; it might just default that way, depends on individual setups/programs installed, etc.

After updating, I remove the rule and/or set it to block again. Hope that helps someone.

Aye, unexpected fix in time for the enormous update that is 3.26, thank you.

"

MedKa#6620 wrote:

"

MedKa#6620 wrote:

same problem here: log file

After deleting the game, downloading a new fresh client and installing it, I got a new error: "Disconnected from patching server before patching completed. Try again"

New log and WinMTR info:

Spoiler

Removed Win10
Install clean Win11
Got same problem

I still can't play :(

Solved after install "Cloudflare WARP"

"

Your_Highnesssss#5942 wrote:

Error: SSL connect error while downloading
https://patch.poecdn.com/3.25.3.11/PathOfExile.exe

TL;DR

If your firewall blocks by default, add rules to allow IP addresses:
- 108.138.246.107
- 23.207.33.50
- 23.210.65.125
(temporary. IP addresses may need changing in future)

-----------------------------------------

Long version (Diagnosing problem and solution in Windows):

Start up POE and you get the "SSL connect error while downloading" message.
It will show a link to "patch.poecdn.com" (link changes slightly each new patch version).
Manually type the link into your browser and check it downloads okay (delete the file it downloads).
If it does not download, stop here as you've got a different problem.

Open up "Event Viewer":
https://www.windowscentral.com/how-use-event-viewer-windows-10

Run POE again and when the Pop-up comes up, switch to "Event Viewer".
Expand the "Windows Logs" on the side and select "System".
See if there is an "Error" for the time you ran POE.
If not, stop here as you've got a different problem.

Click the "Error" entry and check the message says:

"

The certificate received from the remote server has not validated correctly.
The error code is 0x80092013. The TLS connection request has failed.
The attached data contains the server certificate.

It MUST have error code "0x80092013".
If not, it's a different issue (or check any other "Error" entries).

"0x80092013" means there's a problem connecting to "patch.poecdn.com".
Specfically, when trying to connect securely (HTTPS / SSL certificate).
More specifically, its unable to check the Certificate Revocation List (CRL):
https://stealthpuppy.com/resolving-issues-starting-ca-offline-crl/

A CRL lets your computer know the SSL Certificate has not been "revoked".
If it has been revoked, do not connect or trust that computer / server.
(this is part of how the internet maintains some level of security)

The next step is to check the CRL in the website SSL Certificate.
Load in your browser "https://patch.poecdn.com/" (this was from the popup).
It will say "403 Forbidden", but you can still click the padlock in the address bar.
Find the option to "View Certificate". Then look for "CRL".
It will provide a "http" address like: http://e6.c.lencr.org/102.crl
(NOT "https". it's in case there is SSL issue loading the CRL link)
Copy and paste the CRL link into a new tab, and it should download a file.
If it doesn't, stop here as you've got another problem.
Otherwise remove the file it just downloaded (you just need to test it works).

Next, resolve the CRL domain name to an IP address.
You can do this using "ping e6.c.lencr.org" in a command prompt.
Add the IP address to your firewall to allow the connection.

Try POE again and see if that works.
You may need to repeat this with the "Intermediate Certificate" CRL as well.
(eg. http://x1.c.lencr.org/)

As the SSL certificate on patch.poecdn.com uses LetsEncrypt and changes every 3 months, you "might" encounter this again quarterly.


I do gloss over a LOT in the above, so anyone else feel free to expand or clarify further on any of the above to help others that may encounter this error.