Mac OS – This Connection is Not Private

Issue

Web browsers (Chrome and Safari) give warnings “This connection is not private” on certain HTTPS websites. After a closer look, it appeared that all affected websites were using Let’s Encrypt certificates.

The computer in question was a 2011 MacBook Air running El Capitan Mac OS. The issue was caused by DST Root CA X3 root certificate expiration in September 2021. As explained by Let’s Encrypt, this certificate has been replaced by ISRG Root X1 which is now trusted by pretty much all up to date operating systems. The problem is that El Capitan (and some other no longer supported older OS’s) never received this root certificate therefore do not trust it.

Resolution

The best solution is to upgrade the OS to a supported version, or at least a version that includes ISRG Root X1 certificate. In the case of Mac OS, this is macOS Sierra (10.12.1) and higher.

If an upgrade is not possible, the issue can be resolved manually:

  • Download  ISRG Root X1 certificate from Let’s Encrypt.
  • Open Keychain Access and drag the downloaded isrgrootx1.der file into the System keychain.
  • Double click the certificate and set Trust to Always Trust.
  • Save the changes.

 Mac OS Keychain Access

November 2021
MacBook Air 13 (mid-2011)
macOS El Capitan (10.11)

 


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *