This isn’t directly a Let’s Encrypt issue, but I’m hoping this audience can help me resolve it as it’s obviously deeply related to SSL certificates. (If this is deemed too off-topic, please accept my apologies and let me know.)
On macOS (10.14.6), using Safari (13.1), Safari is telling me that it “can’t establish a secure connection to the server”. But only sometimes:
- The majority of sites work fine.
- It works fine after a reboot.
- Last time it went 27 hours after the reboot before re-occurring. ¯\_(ツ)_/¯
It’s weirder than that:
- OmniFocus, which establishes an SSL connection to https://sync3.omnigroup.com, also fails.
- Plenty of other sync services on my Mac do not fail. OF must be using the system certificates?
- Some sites which use the Let’s Encrypt Authority X3 certificate keep working (e.g. https://coruscade.com).
- Other sites which use the same certificate chain fail (e.g. https://bum-man.com.au).
- That last site is actually hosted at https://bumman2020.netlify.com. When accessed via that URL, the certificate is DigiCert SHA2 Secure Server CA and works A-OK.
- Firefox always works. So how does its certificate behaviour differ from Safari? Does it manage its own, and not use the system keychain?
- Brave fails but in a really weird way. It tells me that the cert is invalid (NET::ERR_CERT_INVALID) but when I inspect the certificates they’re all valid! Here’s an example of that, using another certificate that fails. (https://theage.com.au is a large newspaper – this site works fine in Firefox.)
- When this issue occurs, it’s always the same certificates that fail. Repeatable, predictable.
- I have re-created my keychain. Made no difference – I assume that just deleted my personal stuff but didn’t touch the system root certificates?
I have a question open on StackExchange which has some more detail. This is driving me bananas.
Please someone here tell me how macOS certificate management works, and help me fix this. Thank you.