Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Adding New Let's Encrypt Certificate for old Mac OS and iOS
274 views
Skip to first unread message
D Finnigan
Sep 30, 2021, 10:12:13 PM9/30/21
to
Today, one of Let's Encrypt's chain-of-trust certificates expired. This
caused some of my older Apple devices to give a certificate warning when
trying to access some web sites.
The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem
If your machine can't access the Let's Encrypt web site because it doesn't
support newer versions of TLS, then you need to download the PEM file on a
newer computer, then put it on a web server that supports plain HTTP or an
older TLS version, and download from there. I'm sure most people reading
this newsgroup know how to set up a local web server at home to do this.
--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/
caused some of my older Apple devices to give a certificate warning when
trying to access some web sites.
The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem
If your machine can't access the Let's Encrypt web site because it doesn't
support newer versions of TLS, then you need to download the PEM file on a
newer computer, then put it on a web server that supports plain HTTP or an
older TLS version, and download from there. I'm sure most people reading
this newsgroup know how to set up a local web server at home to do this.
--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/
David Lesher
Oct 3, 2021, 4:23:08 PM10/3/21
to
D Finnigan <dog...@macgui.com> writes:
>The fix is simple: you just need to add the new Let's Encrypt certificate to
>the certificate trust store in iOS. The new certificate that you need to add
>is called ISRG Root X1. You can get the PEM file here:
>https://letsencrypt.org/certs/isrgrootx1.pem
Thanks for the details and URL.
>The fix is simple: you just need to add the new Let's Encrypt certificate to
>the certificate trust store in iOS. The new certificate that you need to add
>is called ISRG Root X1. You can get the PEM file here:
>https://letsencrypt.org/certs/isrgrootx1.pem
I saw <https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/>
but your cite helped.
Note I had to delete an old X3 before I could install a new one, and Firefox
does not use the OSX Keychain.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close..........................
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
D Finnigan
Oct 13, 2021, 8:09:31 PM10/13/21
to
super70s wrote:
>
> I didn't have a browser problem but both my Tenfourbird mail app on my
> Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
> 10.11 quit connecting last week.
Yeah, any service (not just browsers) that is using a certificate from Let's
Encrypt will need to be updated on older computer systems.
>
> Something strange though, the new certificate says it will expire in
> Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
> November.
You might be looking at the expiration date of the "leaf" certificate, and
not the higher-up root certificate ISRG Root X1. This one should expire over
a decade from now.
>
> I didn't have a browser problem but both my Tenfourbird mail app on my
> Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
> 10.11 quit connecting last week.
Yeah, any service (not just browsers) that is using a certificate from Let's
Encrypt will need to be updated on older computer systems.
>
> Something strange though, the new certificate says it will expire in
> Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
> November.
You might be looking at the expiration date of the "leaf" certificate, and
not the higher-up root certificate ISRG Root X1. This one should expire over
a decade from now.
denodster
Nov 6, 2021, 12:16:32 AM11/6/21
to
Had a customer write in to our support email with this last week. We
were quite confused at first as we didn't have any other users that
seemed to be having issue with our site. It turned out she was using a
mac from several years back and running 10.11. Our solution ended up
being to ask her to try firefox, which solved the issue for her enough
to allow her to use our service.
were quite confused at first as we didn't have any other users that
seemed to be having issue with our site. It turned out she was using a
mac from several years back and running 10.11. Our solution ended up
being to ask her to try firefox, which solved the issue for her enough
to allow her to use our service.
0 new messages