Apple Macintosh Cybersecurity Microsoft Windows

Website Security Fails?!?

Is your web browser alerting that you’re going to insecure or dangerous websites? A lot of sites, including Shopify and Wikipedia, are ‘failing’ on older devices. Many apps are also having issues.

You are unlikely to have these issues if you have a current computer, tablet, or phone which has received all of its available updates. Older devices which are not fully up-to-date are going to have these problems.

Apple computers running macOS El Capitan (version 10.11.x) or earlier no longer trust these websites. Windows XP SP2 computers are also not able to trust these sites. Most iPhones should be OK but many older or less expensive Android phones and tablets will have troubles.

Before you tinker!

Before you start working to fix this issue, consider that the issue might NOT be what you’re experiencing!

  1. If you can go to,, and without a security error, it’s likely that you’re OK in terms of this specific issue.
  2. If you get a security error at,,,, or, then you likely have a completely different issue. This could be anything from your device’s date and time being off, missing device updates, the network (wireless/wired) that you’re using, etc. You may want to ask for help on this!

Fixes that work

Fix #1 – Update your device

Updating your computer’s operating system (macOS, Windows, Linux, etc.) will fix this issue IF you can upgrade to a good version. For Mac, that’s Sierra (10.12) or newer (High Sierra, Mojave, Catalina, Big Sur, and Monterey). For Windows, you should be on Windows 8.1 or newer (including Windows 10 or Windows 11). Note: Windows 11 just came out and I highly recommend waiting for a while before you upgrade.

Fix #2 – Replace your device

Your device may not accept a newer operating system or it may run very poorly with it. In either case, this is a very good time to consider buying a new device. If you’re having issues like this, you’re likely already having other problems or soon will be.

Fix #3 – Manually fix the issue

This fix is not very difficult to perform, but it is unusual technical work for most people. Please consider asking for help!

Apple Mac (macOS)

  1. Browse to and allow the ISRG Root X1.der file to download
  2. If prompted to open the file with Keychain Access, allow this! If not, save the file. If you saved the file, open it in Keychain Access.
    • If Keychain Access opened, you’ll get a message similar to “Keychain Access is trying to modify the system keychain. Touch ID or enter your password to allow this.” Yes, allow this.

      Then, double-click on the ISRG Root X1 certificate, open the Trust section, and change “When using this certificate” to “Always Trust”. You may be asked for permission on this. Again, allow the change.

iPhone (iOS) and iPad (iPadOS)

The process for iPhone and iPad is more complicated and I highly recommend getting good help for this. Please ask me if you need this.


  1. Browse to and allow the ISRG Root X1.der file to download
  2. Open the downloaded file, click “Install Certificate”
  3. Yes, select the default option for “Automatically Select” location and click “Finish”
  4. Reboot your computer. (Yes, please do this!)

Why is this happening?

Websites are ‘secured’ using digital certificates, sometimes called SSL certificates or TLS certificates. Websites present these certificates to your web browser to prove their identity is good just as you might present your driver’s license to prove your identity at a bank.

Your driver’s license includes information that ties it to you — your name, photo, date of birth, address, etc. It also includes information identifying the issuer of your license — the state’s DMV or licensing agency.

In this driver’s license analogy, your license will be trusted as long as your bank believes that the document is yours and they trust the state that issued it. In addition, your license has an expiration date. It may not be trusted if it’s expired.

Digital certificates used for websites work essentially the same way, though they are very rarely issued and backed by the government. Instead, corporations create Certification Authorities which act as trusted issuers of these documents.

A lot of websites and apps use a Certificate Authority called Let’s Encrypt. They provide a fantastic and free service which helps to improve internet security for less cost.

Let’s Encrypt changed the way they create their certificates AND they notified users of their services that they were doing this many months ago. With that notice was the caveat that many older devices would not be compatible with the new certificates.

Thus, this was not a surprise to anyone using the certificates. Unfortunately, a lot of those web sites didn’t put out the word to their customers.

Additional Resources

Some of these links may be more technical than you’d like. I’ve found them helpful for reference.

Cyber Privacy Cybersecurity

Do just one thing before Halloween….

Cybersecurity Awareness Month lasts just one more week. Have you done anything to improve your privacy or security this month? Here’s a list of the 10 Cybersecurity Essentials to concentrate your energy towards. Adopting these ten areas as habits helps not only with security but also the more elusive privacies we deserve. If you’ve already adopted each of these into your business and personal life, GREAT! Teach your family, especially your amazing kids.

  1. Passwords
    adopt a password management system so that all of your passwords are long, complex, and unique
  2. Two-factor Authentication
    use hardware or application tokens everywhere possible
  3. Backups
    use the 3-2-1 rule for backups: 3 copies, 2 backup mediums (disks, online), 1 backup
  4. Updates
    update everything – hardware, operating system, applications, TVs, doorbells, printers
  5. Endpoint Protection
    install and use endpoint protection and ensure a full scan is performed at least weekly
  6. Web browser setup
    learn how to set up your browser for best security privacy; don’t use it its ‘out of the box’ configuration
  7. Ad/script blocking
    stop trackers and malicious ads
  8. Virtual Private Networking (VPN)
    use VPNs to protect your identity, inhibit tracking
  9. Firewalls
    Use on-device firewalls (yes, two in some cases) in addition to hardware perimeter firewalls
  10. Encryption
    This is the toughest one for most to grasp. It’s jargon-laden and misrepresented by many service providers. We need to understand encryption better, know why some kinds are great and others aren’t worth much. End-to-end encryption and zero-knowledge providers vs transport security, and more.

    What have you done this month or what are you going to do before Halloween? Let me know!

    Want help? Check out the Humane Tech Podcast or our training