1. Forum
  2. Newsgroups
  3. comp.sys.mac.vintage

  • Adding New Let's Encrypt Certificate for old Mac OS and iOS

    From D Finnigan@dog_cow@macgui.com to comp.sys.mac.vintage on Fri Oct 1 02:12:12 2021
    From Newsgroup: comp.sys.mac.vintage

    Today, one of Let's Encrypt's chain-of-trust certificates expired. This
    caused some of my older Apple devices to give a certificate warning when
    trying to access some web sites.

    The fix is simple: you just need to add the new Let's Encrypt certificate to the certificate trust store in iOS. The new certificate that you need to add
    is called ISRG Root X1. You can get the PEM file here: https://letsencrypt.org/certs/isrgrootx1.pem

    If your machine can't access the Let's Encrypt web site because it doesn't support newer versions of TLS, then you need to download the PEM file on a newer computer, then put it on a web server that supports plain HTTP or an older TLS version, and download from there. I'm sure most people reading
    this newsgroup know how to set up a local web server at home to do this.
    --
    ]DF$
    The New Apple II User's Guide:
    https://macgui.com/newa2guide/

    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From David Lesher@wb8foz@panix.com to comp.sys.mac.vintage on Sun Oct 3 20:23:07 2021
    From Newsgroup: comp.sys.mac.vintage

    D Finnigan <dog_cow@macgui.com> writes:


    The fix is simple: you just need to add the new Let's Encrypt certificate to >the certificate trust store in iOS. The new certificate that you need to add >is called ISRG Root X1. You can get the PEM file here: >https://letsencrypt.org/certs/isrgrootx1.pem

    Thanks for the details and URL.

    I saw <https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/> but your cite helped.

    Note I had to delete an old X3 before I could install a new one, and Firefox does not use the OSX Keychain.
    --
    A host is a host from coast to coast.................wb8foz@nrk.com
    & no one will talk to a host that's close..........................
    Unless the host (that isn't close).........................pob 1433
    is busy, hung or dead....................................20915-1433
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From super70s@super70s@super70s.invalid to comp.sys.mac.vintage,comp.sys.mac.system on Wed Oct 13 17:42:12 2021
    From Newsgroup: comp.sys.mac.vintage

    In article <dog_cow-1633054331@macgui.com>,
    D Finnigan <dog_cow@macgui.com> wrote:

    Today, one of Let's Encrypt's chain-of-trust certificates expired. This caused some of my older Apple devices to give a certificate warning when trying to access some web sites.

    The fix is simple: you just need to add the new Let's Encrypt certificate to the certificate trust store in iOS. The new certificate that you need to add is called ISRG Root X1. You can get the PEM file here: https://letsencrypt.org/certs/isrgrootx1.pem

    If your machine can't access the Let's Encrypt web site because it doesn't support newer versions of TLS, then you need to download the PEM file on a newer computer, then put it on a web server that supports plain HTTP or an older TLS version, and download from there. I'm sure most people reading
    this newsgroup know how to set up a local web server at home to do this.

    I didn't have a browser problem but both my Tenfourbird mail app on my
    Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
    10.11 quit connecting last week. I called my ISP who were clueless
    ("we'd be getting a lot of calls about this if our mail server was
    down") but I finally figured it out after a little web searching and
    installed the new certificate on both machines. Both mail accounts
    started working normally.

    Something strange though, the new certificate says it will expire in
    Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
    November.
    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From D Finnigan@dog_cow@macgui.com to comp.sys.mac.vintage on Thu Oct 14 00:09:30 2021
    From Newsgroup: comp.sys.mac.vintage

    super70s wrote:

    I didn't have a browser problem but both my Tenfourbird mail app on my
    Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
    10.11 quit connecting last week.

    Yeah, any service (not just browsers) that is using a certificate from Let's Encrypt will need to be updated on older computer systems.


    Something strange though, the new certificate says it will expire in
    Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in November.

    You might be looking at the expiration date of the "leaf" certificate, and
    not the higher-up root certificate ISRG Root X1. This one should expire over
    a decade from now.
    --
    ]DF$
    The New Apple II User's Guide:
    https://macgui.com/newa2guide/

    --- Synchronet 3.19a-Linux NewsLink 1.113
  • From denodster@denodster@gmail.com (denodster) to comp.sys.mac.vintage on Sat Nov 6 04:16:31 2021
    From Newsgroup: comp.sys.mac.vintage

    Had a customer write in to our support email with this last week. We
    were quite confused at first as we didn't have any other users that
    seemed to be having issue with our site. It turned out she was using a
    mac from several years back and running 10.11. Our solution ended up
    being to ask her to try firefox, which solved the issue for her enough
    to allow her to use our service.
    --- Synchronet 3.19a-Linux NewsLink 1.113