Let's Encrypt DST Root CA X3 Expiration

raf macports at raf.org
Wed Oct 6 00:34:46 UTC 2021

On Tue, Oct 05, 2021 at 05:33:53PM -0500, Ryan Schmidt <ryandesign at macports.org> wrote:

> On Oct 3, 2021, at 02:32, raf wrote:
> > The instructions
> > https://trac.macports.org/wiki/ProblemHotlist#letsencrypt
> > include a suggestion of asking other webserver
> > administrators to delete "DST Root CA X3" from their
> > full chain, and use --preferred-chain "ISRG Root X1"
> > when next renewing their LetsEncrypt certificate, so
> > that those sites will work with macOS 10.{4-7,13,14}.
> > This would result in the loss of access by old Android
> > devices. Each webserver administrator would have to
> > decide which clients are more important. Obviously, for
> > macports.org, the old macOS clients are more important.
> Right, except it's not just old macOS; macOS 10.13 and 10.14 are
> affected which aren't that old, and even users on macOS 11 have
> reported some problems. Support for macOS is obviously more important
> than support for old Android in my book. Others' books may be
> different.

Yes, I'm using 10.14 and will continue to do so for as long as I can
(I don't want to lose access to a cherished 32bit Oxford English
Dictionary application).


More information about the macports-users mailing list