Let's Encrypt DST Root CA X3 Expiration

Ryan Schmidt ryandesign at macports.org
Tue Oct 5 22:33:53 UTC 2021

On Oct 3, 2021, at 02:32, raf wrote:

> The instructions
> https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
> include a suggestion of asking other webserver
> administrators to delete "DST Root CA X3" from their
> full chain, and use --preferred-chain "ISRG Root X1"
> when next renewing their LetsEncrypt certificate, so
> that those sites will work with macOS 10.{4-7,13,14}.
> This would result in the loss of access by old Android
> devices. Each webserver administrator would have to
> decide which clients are more important. Obviously, for
> macports.org, the old macOS clients are more important.

Right, except it's not just old macOS; macOS 10.13 and 10.14 are affected, which aren't that old, and even users on macOS 11 have reported some problems. Support for macOS is obviously more important than support for old Android in my book. Others' books may be different.

