In the following OS and browser, cases are encountered that are not protected when accessing a site that issued a certificate with Let’s Encript.
OS and browser
Mac OS X 10.4.11 / Safari 4.1.3
If you have any inquiries, would you please tell us what kind of cause is considered?
Safari 4 came out in 2008.
Maybe you could try Safari 5, 6, 7, 8, 9, 10, or 11.
It could be a ciphersuite compatibility problem, probably not a certificate problem. @sayama, can you tell us the domain name of the site, and what error the users see in their browser?
It could also be a https://www.whynopadlock.com/ problem…
But then it would not be specific to just Safari 4.1.3.
Which implies no problem seen from newer browsers.
If so, then it may just be that the LE trusted roots are not included in his system.
Which would imply that it is TIME TO UPDATE your system.
Which goes back to my first suggestion:
Maybe you could try Safari 5, 6, 7, 8, 9, 10, or 11.
I agree that it is appropriate to recommend people upgrade to supported client-side software, but if we can see the domain name and the details of the error, we can also try to figure out whether there’s something to be done to maintain compatibility with older clients, even clients that are no longer officially supported. This is not an unusual desire for site operators!
Agreed, it can be many things.
With such minimal information provided, we can only imagine the possibilities.
But I think the problem is kind of self evident and seemingly self-induced.
And yet, we would like to be sure; so, yes, if we could get any type of response/update/additional info… maybe we could solve this or at least move on.
Thank you for much advice!
After that, I investigated and found that the user’s environment (Mac OS X 10.4.11 / Safari 4.1.3) does not support SHA-2. Because of this, it seems that it could not connect safely.
*The message displayed on the user’s browser is as follows.
---------
Safari can’t open the page.
Safari can’t open the pade because Safari can’t establish a secure connection to the server
---------
If the user’s browser really does not support SHA-2, that user should be experiencing browser warnings on a very large number of Internet sites, regardless of whether those sites are using Let’s Encrypt or any other certificate authority. It has been forbidden for certificate authorities to issue new SHA-1 certificates since January 1, 2016, and I believe several browsers completely removed support for SHA-1 in the browser at the start of 2017. Thus, there can’t be very many sites that are still offering SHA-1 certificates now…
It might be helpful to ask the user to visit
https://www.ssllabs.com/ssltest/viewMyClient.html
which performs a test of the client-side technology support in a visitor’s browser. The resulting report can be helpful to explain any compatibility problems between a browser and a server. It will give a lot of technical detail about exactly what is or is not supported by that browser.
People still on Mac OS X 10.4 and 10.5 are those still hanging on to their old PowerPC-based Macs. Unfortunately, SHA-256 signature support was introduced in Mac OS X 10.5, leaving a number of PowerPC Macs out. 
️
@sayama If you or your friends/clients want to browse the modern Web on these machines, try TenFourFox:
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.