Certificates are not trusted on Chrome and Safari on old iMac with El Capitan

I'm just summarizing the symptoms and workarounds/fixes as far as I know, at least as far as Mac OS X goes.

Starting Sept 30th 2021, Mac OS X 10.11 El Capitan (Fall 2015), Mac OS X 10.10 Yosemite (Fall 2014), and Mac OS X 10.9 Mavericks (Fall 2013) (and earlier) no longer trust Let's Encrypt certificates.

Chrome error is something like: "Your connection is not private" "Attackers might be trying to steal your information from ... (for example, passwords, messages, or credit cards)." "NET::ERR_CERT_DATE_INVALID".

Safari error is something like "This Connection Is Not Private" "This website may be impersonating "..." to steal your personal or financial information. You should go back to the previous page."

There are at least 4 client-side fixes/workarounds for old versions of Mac OS X:

  1. Upgrade to Mac OS X Sierra (10.12.1) or newer. Here's the link which has links and hardware requirements for old MacOS versions: https://support.apple.com/en-gb/HT211683

  2. Use Firefox instead of Chrome or Safari. https://www.mozilla.org/firefox/new/

  3. Install and trust the ISRG Root X1 certificate from https://letsencrypt.org/certs/isrgrootx1.pem (I'm not sure what the exact instructions are for installing and trusting it: der vs pem vs txt? Login, local, System, or System Roots? Drag it in? Set to "Always Trust"? etc.)

  4. Force Mac OS to Always Trust the expired DST Root CA X3 certificate:

  • Open the Keychain Access app (under Finder -> Applications -> Utilities )
  • On the left sidebar under System Keychains click System Roots
  • In the menu bar at the top of screen under View, select Show Expired Certificates
  • In the Search bar at the top-right, type DST
  • Double-click DST Root CA X3 (or click it once and then press enter/return)
  • In the pop-up, click the > arrow next to Trust
  • Set When using this certificate to Always Trust
  • Close the pop-up by clicking the red x in the top-left
  • It will ask you to Enter your password to allow this
  • Restart Chrome or Safari (or your whole computer)