Is your web browser alerting that you’re going to insecure or dangerous websites? A lot of sites, including Shopify and Wikipedia, are ‘failing’ on older devices. Many apps are also having issues.
You are unlikely to have these issues if you have a current computer, tablet, or phone which has received all of its available updates. Older devices which are not fully up-to-date are going to have these problems.
Apple computers running macOS El Capitan (version 10.11.x) or earlier no longer trust these websites. Windows XP SP2 computers are also not able to trust these sites. Most iPhones should be OK but many older or less expensive Android phones and tablets will have troubles.
Before you tinker!
Before you start working to fix this issue, consider that the issue might NOT be what you’re experiencing!
- If you can go to EFF.org, Wikipedia.org, and Kayak.com without a security error, it’s likely that you’re OK in terms of this specific issue.
- If you get a security error at DuckDuckGo.com, Apple.com, Microsoft.com, Google.com, or Vimeo.com, then you likely have a completely different issue. This could be anything from your device’s date and time being off, missing device updates, the network (wireless/wired) that you’re using, etc. You may want to ask for help on this!
Fixes that work
Fix #1 – Update your device
Updating your computer’s operating system (macOS, Windows, Linux, etc.) will fix this issue IF you can upgrade to a good version. For Mac, that’s Sierra (10.12) or newer (High Sierra, Mojave, Catalina, Big Sur, and Monterey). For Windows, you should be on Windows 8.1 or newer (including Windows 10 or Windows 11). Note: Windows 11 just came out and I highly recommend waiting for a while before you upgrade.
Fix #2 – Replace your device
Your device may not accept a newer operating system or it may run very poorly with it. In either case, this is a very good time to consider buying a new device. If you’re having issues like this, you’re likely already having other problems or soon will be.
Fix #3 – Manually fix the issue
This fix is not very difficult to perform, but it is unusual technical work for most people. Please consider asking for help!
Apple Mac (macOS)
- Browse to http://x1.i.lencr.org/ and allow the ISRG Root X1.der file to download
- If prompted to open the file with Keychain Access, allow this! If not, save the file. If you saved the file, open it in Keychain Access.
- If Keychain Access opened, you’ll get a message similar to “Keychain Access is trying to modify the system keychain. Touch ID or enter your password to allow this.” Yes, allow this.
Then, double-click on the ISRG Root X1 certificate, open the Trust section, and change “When using this certificate” to “Always Trust”. You may be asked for permission on this. Again, allow the change.
- If Keychain Access opened, you’ll get a message similar to “Keychain Access is trying to modify the system keychain. Touch ID or enter your password to allow this.” Yes, allow this.
iPhone (iOS) and iPad (iPadOS)
The process for iPhone and iPad is more complicated and I highly recommend getting good help for this. Please ask me if you need this.
Windows
- Browse to http://x1.i.lencr.org/ and allow the ISRG Root X1.der file to download
- Open the downloaded file, click “Install Certificate”
- Yes, select the default option for “Automatically Select” location and click “Finish”
- Reboot your computer. (Yes, please do this!)
Why is this happening?
Websites are ‘secured’ using digital certificates, sometimes called SSL certificates or TLS certificates. Websites present these certificates to your web browser to prove their identity is good just as you might present your driver’s license to prove your identity at a bank.
Your driver’s license includes information that ties it to you — your name, photo, date of birth, address, etc. It also includes information identifying the issuer of your license — the state’s DMV or licensing agency.
In this driver’s license analogy, your license will be trusted as long as your bank believes that the document is yours and they trust the state that issued it. In addition, your license has an expiration date. It may not be trusted if it’s expired.
Digital certificates used for websites work essentially the same way, though they are very rarely issued and backed by the government. Instead, corporations create Certification Authorities which act as trusted issuers of these documents.
A lot of websites and apps use a Certificate Authority called Let’s Encrypt. They provide a fantastic and free service which helps to improve internet security for less cost.
Let’s Encrypt changed the way they create their certificates AND they notified users of their services that they were doing this many months ago. With that notice was the caveat that many older devices would not be compatible with the new certificates.
Thus, this was not a surprise to anyone using the certificates. Unfortunately, a lot of those web sites didn’t put out the word to their customers.
Additional Resources
Some of these links may be more technical than you’d like. I’ve found them helpful for reference.
- Let’s Encrypt’s Compatibility List for the new certificates
- Certify The Web’s fixes for this Let’s Encrypt issue
- Millions Experience Browser Problems After Long-Anticipated Expiration of ‘Let’s Encrypt’ Certificate, Slashdot
- Let’s Encrypt’s Root Certificate is expiring!, Scott Helme