Dear marvelous Steam Community,

Thank you very much!

Just in case, if someone encountered an issue when some Steam web pages or certain actions fail in both the Steam client (may look similar to https://i.imgur.com/hlcktdM.png) and a general web browser (i.e. Google Chrome), and some resource downloads/transmissions (i.e.
https://community.akamai.steamstatic.com/public/shared/images/login/throbber.gif) or some other website/data accesses result in an error where network request logs indicate HTTPS (HTTP over SSL/TLS) certificate issues (i.e. "ERR_CERT_DATE_INVALID"), please try the following:

Indeed, such date mismatch issue is usually caused when client's time is out of a certificate valid time range. If the client's date/time is actual/valid, then try the next:

Let's try checking out the page certificate information and its all parental certificates' dates - of all certificates in the signing hierarchy. The information should be available in the "Certificate Path" tab (i.e. https://i.imgur.com/QBIx71z.png).

If the hierarchy indicates "DST Root CA X3" root certificate authority (CA) (i.e. https://i.imgur.com/Z9x6d6g.png), it may be the issue source - the certificate is outdated ("valid to" 2021-09-30 or September 30, 2021).

In such case, perhaps the OS doesn't have an alternative/actual trusted root CA installed ("ISRG Root X1"). Let's Encrypt (LE) offers a way to install the certificate manually. Please download the certificate from their official resource and install it manually: https://letsencrypt.org/certs/isrgrootx1.der.

If the same error appears while trying to download the file, try skipping the warning temporarily, use an alternative device/network/environment, or ask a friend/person you trust.

After the download, try installing the CA as trusted in the OS (Windows assumed):

1. Open the downloaded "Distinguished Encoding Rules (DER)" ("*.der") file;
   
2. In the opened window, press "Install Certificate…";
   
3. Select "Local Machine" if it's required to install the certificate for all OS users in general, or "Current User" - only for the current user's environment. Press "Next".
   
4. In the prompt for the "Certificate Store", select "Place all certificates in the following store", press "Browse...", select "Trusted Root Certification Authorities" and press "OK";
   
5. Press "Finish".

After that, try restarting clients (i.e. Steam and/or browsers) and reloading pages without cache enabled, or launching previously not working procedures. Some environments may require a restart.

There are/were 3 certificates in the hierarchy:

1. The root certificate authority (CA) of Let's Encrypt (LE) - "DST Root CA X3";
   
2. "R3" LE CA which was signed by "DST Root CA X3";
   
3. The certificate Steam uses/used for some resource traffic which was singed by "R3".

The Steam certificate (common name (CN) - cdn.akamai.steamstatic.com), includes Subject Alternative Name (SAN) X.509 extension entries (https://i.imgur.com/eunXUCu.png):

• cdn.akamai.steamstatic.com;
  
• cdn.steamstatic.com;
  
• community.akamai.steamstatic.com;
  
• media.steamcommunity.com;
  
• media.steampowered.com;
  
• store.akamai.steamstatic.com.

Today, "DST Root CA X3" certificate is expired ("valid to" 2021-09-30). Since various clients normally invalidate/deny every SSL transaction which includes any expired/invalid item property in a whole sign hierarchy, the Steam client and/or modern browsers result in an error too.
The alternative actual CA ("ISRG Root X1") is supported by "R3" too, thus its installation as trusted root CA in the operating system should solve the issue.

The certificates diagram: https://letsencrypt.org/images/isrg-hierarchy.png

Please check the following: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ (Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and...)

---

Related:
- https://developer.chrome.com/docs/devtools/network (In general, use the Network panel when you need to...)
- https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details (How to view SSL certificate details in each browser...)
- https://www.technipages.com/google-chrome-bypass-your-connection-is-not-private-message (Chrome: Bypass “Your connection is not private” Message...)
- https://docs.microsoft.com/en-us/skype-sdk/sdn/articles/installing-the-trusted-root-certificate (Installing the trusted root certificate...)
- https://letsencrypt.org/certificates/ (Our roots are kept safely offline. We issue end...)

Best and kind regards ✨