Installing the new Let’s Encrypt root certificate
All of our websites (and many others across the web) use certificates for encrypted connections issued by Let’s Encrypt. On 30 September 2021 the root certificate for Let’s Encrypt, which validates every certificate issued by them, expired. Most computers and other devices have automatically been updated to support the new chain of certificate trust provided by Let’s Encrypt.
However, older devices may not receive this update. If you have trouble accessing a website we manage, please follow these instructions to manually install the new certificate chain. Unfortunately we cannot do this for you. Each computer that did not automatically install the updated certificate will have to have the certificate manually installed.
Your older version of macOS or iOS is probably holding onto the expired
R3 > DST Root CA X3 certificate chain even though it should no longer be used. For older macOS systems not updated by Apple:
- Download the ISRG Root X1 certificate file from http://x1.i.lencr.org/
- Open the Keychain Access app and drag the “ISRG Root X1” certificate file you just downloaded into the System keychain in Keychain Access.
- Find the ISRG Root X1 certificate in the System keychain and double click on it. Open the Trust option in that window and change “Use System Defaults” to “Always Trust”. If you are asked for your password, please enter it and close this window.
On older Windows with an outdated trust store you can manually install the “ISRG Root X1” certificate:
- Browse to http://x1.i.lencr.org/ in order to download the file for ISRG Root X1 (your browser may warn about the file type and you may need to click “Keep” to save the file).
- Open the file, click “Install Certificate…”, Choose default option “automatically select…”, Next, and Finish.
- Reboot your computer.
[Note, these instructions are from Certify the Web, but since their page is secure and thus inaccessible to the people who most need it, we are repeating them here.]