Issue
Web browsers (Chrome and Safari) give warnings “This connection is not private” on certain HTTPS websites. After a closer look, it appeared that all affected websites were using Let’s Encrypt certificates.
The computer in question was a 2011 MacBook Air running El Capitan Mac OS. The issue was caused by DST Root CA X3 root certificate expiration in September 2021. As explained by Let’s Encrypt, this certificate has been replaced by ISRG Root X1 which is now trusted by pretty much all up to date operating systems. The problem is that El Capitan (and some other no longer supported older OS’s) never received this root certificate therefore do not trust it.
Resolution
The best solution is to upgrade the OS to a supported version, or at least a version that includes ISRG Root X1 certificate. In the case of Mac OS, this is macOS Sierra (10.12.1) and higher.
If an upgrade is not possible, the issue can be resolved manually:
- Download ISRG Root X1 certificate from Let’s Encrypt.
- Open Keychain Access and drag the downloaded isrgrootx1.der file into the System keychain.
- Double click the certificate and set Trust to Always Trust.
- Save the changes.
November 2021
MacBook Air 13 (mid-2011)
macOS El Capitan (10.11)
Leave a Reply