Expired DST Root CA X3 Certificate Error Resolution

Expired Let's Encrypt certificate

On 30 September 2021, the website certificate issued one of the certificate issued by the non-profit organisation Let's Encrypt is expired. The company has decided to replace the expired certificate, which in most cases will not affect the operation of websites using their new certificate. However, for some older Apple computers, some websites cannot be viewed for security reasons. Here you can view the full list.

Solve website loading problems on Mac devices due to expired DST Root CA X3 certificate

The error message could be "DST Root CA X3 expired" or "Your connection is not private" or "Attackers might be trying to steal your information" or similar. As an exception, affected websites can be added to the browser one by one, but a more permanent solution for machines with El Capitan (macOS 10.11) or earlier which cannot be upgraded any further is the following this manual installation method:

  1. Click the link to download the certificate from the Let's Encrypt website.
    Lejárt tanúsítvány megoldás 1Lejárt tanúsítvány megoldás 2
  2. In the top menu bar of the window, click on the magnifying glass icon, which will open the Spotlight search and type in keychain access then open the program with the icon shown in the picture (or similar keychain).
    Lejárt tanúsítvány megoldás 3
  3. Click the Keychain Access program, click on System in the top left section of the window. Then drag and drop the previously downloaded ISGR Root X1 certificate into the certificate list in the right half of the window. You will need the admin users password to install, then click Change.
    Lejárt tanúsítvány megoldás 4
  4. Find the installed ISGR Root X1 certificate in the list, double-click on it and open the Trust settings.
    Lejárt tanúsítvány megoldás 5
  5. In the drop-down list next to"When using this certificate" select"Always Trust"instead of"Use System Defaults"If necessary, you can re-enter the admin user password. Then close the window to confirm the change.
    Lejárt tanúsítvány megoldás 6

Hopefully you will no longer have certificate/loading problems when opening websites.

Other solutions to troubleshoot certificate errors

Another solution is to upgrade your computers to High Sierra or later (macOS 10.12.1), which can be done on the devices listed below:

  • MacBook Pro (2010 or later)
  • MacBook (2009 second half or later)
  • MacBook Air (2010 or later)
  • iMac (2009 second half or later)
  • Mac Pro (2010 or later)
  • Mac Mini (2010 or later)

To update the operating system, you must select Software Update from the System properties menu in the Apple logo menu. Here, clicking the Update Now button will start the process.

Downloading and installing Firefox can also solve the problem, because Mozilla's browser uses its own set of certificates and not those installed on the operating system. However, Safari and Chrome browsers will still not work properly.


Back to Blog

Similar contents

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Pin It on Pinterest