Expired Let's Encrypt certificate
On 30 September 2021, the website certificate issued one of the certificate issued by the non-profit organisation Let's Encrypt is expired. The company has decided to replace the expired certificate, which in most cases will not affect the operation of websites using their new certificate. However, for some older Apple computers, some websites cannot be viewed for security reasons. Here you can view the full list.
Solve website loading problems on Mac devices due to expired DST Root CA X3 certificate
The error message could be "DST Root CA X3 expired" or "Your connection is not private" or "Attackers might be trying to steal your information" or similar. As an exception, affected websites can be added to the browser one by one, but a more permanent solution for machines with El Capitan (macOS 10.11) or earlier which cannot be upgraded any further is the following this manual installation method:
- Click the link to download the certificate from the Let's Encrypt website.
- In the top menu bar of the window, click on the magnifying glass icon, which will open the Spotlight search and type in keychain access then open the program with the icon shown in the picture (or similar keychain).
- Click the Keychain Access program, click on System in the top left section of the window. Then drag and drop the previously downloaded ISGR Root X1 certificate into the certificate list in the right half of the window. You will need the admin users password to install, then click Change.
- Find the installed ISGR Root X1 certificate in the list, double-click on it and open the Trust settings.
- In the drop-down list next to"When using this certificate" select"Always Trust"instead of"Use System Defaults"If necessary, you can re-enter the admin user password. Then close the window to confirm the change.
Hopefully you will no longer have certificate/loading problems when opening websites.
Other solutions to troubleshoot certificate errors
Another solution is to upgrade your computers to High Sierra or later (macOS 10.12.1), which can be done on the devices listed below:
- MacBook Pro (2010 or later)
- MacBook (2009 second half or later)
- MacBook Air (2010 or later)
- iMac (2009 second half or later)
- Mac Pro (2010 or later)
- Mac Mini (2010 or later)
To update the operating system, you must select Software Update from the System properties menu in the Apple logo menu. Here, clicking the Update Now button will start the process.
Downloading and installing Firefox can also solve the problem, because Mozilla's browser uses its own set of certificates and not those installed on the operating system. However, Safari and Chrome browsers will still not work properly.