I have just found this: - https://mjtsai.com/blog/2021/09/24/some-web-sites-will-stop-working-with-el-capitan-and-older/ The Let’s Encrypt Root Certificate, the IdentTrust DST Root CA X3 certificate, has expired

https://mjtsai.com/blog/2021/09/24/some-web-sites-will-stop-working-with-el-capitan-and-older/

The problem is the root certificate that Let’s Encrypt are currently using, the IdentTrust DST Root CA X3 certificate, has expired.

Let's Encrypt need to fix this?

I can't get any email support from Let's Encrypt?

Even though this seems to be entirely Let's Encrypt issue and only they can solve it. 2000 users are waiting for this in the Goggle Community?

Shame Google provide no support!

This is working as expected. The only possible solution from Let's Encrypt's side would be a new cross-signature from a newer (but older) CA, and there are at least two reasons why it's a bad idea:

  • it's expensive;
  • Let's Encrypt has its own roots and they should behave as roots, sooner rather than later.
2 Likes

No, this is intended. Well.. Unavoidable in practice. See DST Root CA X3 Expiration (September 2021) - Let's Encrypt for more info.

How old is your OSXmacOS that you don't have the ISRG Root X1 in your root store? According to Certificate Compatibility - Let's Encrypt the ISRG Root X1 is already in * macOS >= 10.12.1... 10.12.1 was released back in October 2016. That's almost 6 years ago already, so if you're running a macOS version older than that.. :roll_eyes:

3 Likes

For older macOS not updated by Apple:

  • Download the ISRG Root X1 certificate file from http://x1.i.lencr.org/
  • Open the Keychain Access app and drag that file into the System folder of that app.
  • Find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change "Use System Defaults" to "Always Trust", then close that and enter your password to confirm the change (if prompted).
5 Likes

Or use Firefox.

[Edit: I actually run a more recent version of macOS on an old 2009 Macbook Pro that's long since been abandoned by Apple using the dosdude1 updater: GitHub - dosdude1/macos-catalina-patcher: macOS Catalina Patcher (http://dosdude1.com/catalina)]

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.