Thanks for this! I run some buildbots deliberately using older macOS and their git and svn have been unable to pull new code since yesterday.
What worked for me on macOS 10.10 and 10.11 was:
- with Safari, download old Firefox 78 ESR: https://download.mozilla.org/?product=firefox-esr-latest-ssl&os=osx&lang=en-US (newer Firefox don't support old macOS)
- with Firefox, download this file: https://letsencrypt.org/certs/isrgrootx1.der (Safari can't download it because letsencrypt.org itself serves the problematic expired cert.)
- drag the downloaded file to KeyChain Access.app
- when prompted, choose to add it to the "System" keychain (you'll need admin password)
- in Keychains > System, find "ISRG Root X1", it should have a red X on its icon
- double click it, a new window appears
- under the Trust section, for "when using this certificate" choose "Always Trust"
- close window, enter your admin password again
After that my svn up and git pull now work again from various servers.