Let's Encrypt DST Root CA X3 Expiration

Ryan Schmidt ryandesign at macports.org
Sun Oct 3 02:43:18 UTC 2021


I've added info about this to the problem hotlist including instructions for how to add the new ISRG Root X1 certificate to your older Mac manually:


https://trac.macports.org/wiki/ProblemHotlist#letsencrypt


I've done this on our Buildbot machines running OS X 10.11 and earlier which should allow them to continue to fetch packages and distfiles.



On Oct 2, 2021, at 04:14, Ryan Schmidt wrote:

> On the web servers we control, we can apparently remove the expired DST Root CA X3 certificate from the chain that we send. That will help those systems that already trust ISRG Root X1. I'm not sure how far back that is.

I have made this change on the buildbot web server. It seems to help OS X 10.11 and earlier.

We should make the same changes to our other servers. Maybe Rainer or Clemens can take care of the hosts on Braeburn. I'll have to see what we need to do to get the change onto the distfiles and packages servers and mirrors.




More information about the macports-users mailing list