Skip to content


  • by

But the date is valid!

tl;dr: you can grab the ISRG Root X1 cert, then import and trust that in Keychain Access

I have an old laptop that I don’t use terribly often. With the expiry of DST Root CA X3, I ran into connection issues with websites using LE- quite a few, including my own!

I’d better contact the site administrator… oh, beans.

Annoyingly, many of the places that explain how to sort this — including here — are behind an LE cert, making it irksome to get to the solution.

Thankfully I was able to get at some instructions using a cached version of the LE community forums (thanks webprofusion!):

For older macOS, try:

– downloading

– Open the Keychain Access app and dragging that file into the System folder of that app.

– then find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change “Use System Defaults” to “Always Trust”, then close that and enter your password to confirm the change (if prompted).

After downloading the cert, you should be able to drag it into Keychain Access:

and then grant it access:

change ‘When using this certificate’, then close the dialog to apply


… though maybe update to an OS that is a bit more recent?

Tell us what's on your mind