How to fix Failed - Certificate error (revocation check) 221

This error means that Windows is unable to connect to our security certificate's revocation server.

The first thing to check is that your date and time are set correctly.

If that's set properly and you're still having trouble, the easiest way to fix it is to change an Internet Explorer setting (Ninite uses the same settings).

Since Ninite runs as Administrator, you may need to log in as Administrator and change these settings for that account.

  1. Open Internet Explorer.

  2. In the Tools menu select Internet Options.

  3. Pick the Advanced tab and then scroll down to the Security section as pictured below.

  4. Then turn off or uncheck Check for server certificate revocation, highlighted below.

  5. Click OK at the bottom of the window.

Turn off check for server certificate revocation

Technical Details

The underlying issue with this error is that a machine is being blocked from contacting the revocation servers for our web server's SSL certificate. To pass the check a machine needs to contact at least one revocation server over HTTP/port 80.

The servers are:

  • ocsp.sca1b.amazontrust.com
  • crl.sca1b.amazontrust.com

Adding those to any firewall or proxy whitelists you may have would be a good way to solve this problem on multiple machines at once.