JUMPINGSPIDER.CO.UK – blogging at its jumpiest

Websites not trusted after Sep 30th 2021?

For Mac OS(X)

If half the websites you go to on your Mac say the certificate has expired, and this problem started in 1st October 2021, you may need to manually update the Root Certificates in your Keychain. The cause is likely to be that Let’s Encrypt uses a certificate that expired 30th September: DST Root CA X3.

I couldn’t find a way to remove this old certificate from my Mac but the fix was to open Apple Keychain Access and manually install a new Root Certificate.

First download the new certificate from this link: https://letsencrypt.org/certs/isrgrootx1.der

Open Keychain Access
Unlock and Select the System keychain
Go to >File >Import Items and import the new certificate – that should be it.

For iPad iPhone or iOS

The same issue can arise on older iPads and other iOS devices – to fix it on these is quite simple.

On the iPad go to: https://letsencrypt.org/certificates/

You’ll need to confirm that you trust the website at several stages in this procedure.

On the page that appears, Tap on the link to pem which appears like this:


    • ISRG Root X1 (RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1)
      • Self-signed: der, pem, txt
      • Cross-signed by DST Root CA X3: der, pem, txt

The iPad system will then load the required Certificate and you’re good to go.


Submit a Comment

Your email address will not be published. Required fields are marked *