Adding New Let's Encrypt Certificate for old Mac OS and iOS

From: dog_...@macgui.com (D Finnigan)
Newsgroups: comp.sys.mac.vintage
Subject: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Fri, 1 Oct 2021 02:12:12 -0000 (UTC)
Organization: Mac GUI
Lines: 20
Message-ID: <dog_cow-1633054331@macgui.com>
 by: D Finnigan - Fri, 1 Oct 2021 02:12 UTC

Today, one of Let's Encrypt's chain-of-trust certificates expired. This
caused some of my older Apple devices to give a certificate warning when
trying to access some web sites.

The fix is simple: you just need to add the new Let's Encrypt certificate to
the certificate trust store in iOS. The new certificate that you need to add
is called ISRG Root X1. You can get the PEM file here:
https://letsencrypt.org/certs/isrgrootx1.pem

If your machine can't access the Let's Encrypt web site because it doesn't
support newer versions of TLS, then you need to download the PEM file on a
newer computer, then put it on a web server that supports plain HTTP or an
older TLS version, and download from there. I'm sure most people reading
this newsgroup know how to set up a local web server at home to do this.

--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/

Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS

From: wb8...@panix.com (David Lesher)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Sun, 3 Oct 2021 20:23:07 -0000 (UTC)
Organization: NRK Clinic for habitual NetNews Abusers - Beltway Annex
Message-ID: <sjd3fb$qj8$1@reader1.panix.com>
References: <dog_cow-1633054331@macgui.com>
 by: David Lesher - Sun, 3 Oct 2021 20:23 UTC

D Finnigan <dog_cow@macgui.com> writes:

>The fix is simple: you just need to add the new Let's Encrypt certificate to
>the certificate trust store in iOS. The new certificate that you need to add
>is called ISRG Root X1. You can get the PEM file here:
>https://letsencrypt.org/certs/isrgrootx1.pem

Thanks for the details and URL.

I saw <https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/>
but your cite helped.

Note I had to delete an old X3 before I could install a new one, and Firefox
does not use the OSX Keychain.

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close..........................
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS

From: super...@super70s.invalid (super70s)
Newsgroups: comp.sys.mac.vintage,comp.sys.mac.system
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Wed, 13 Oct 2021 17:42:12 -0500
Organization: A noiseless patient Spider
Lines: 29
Message-ID: <super70s-3C3B42.17421213102021@reader02.eternal-september.org>
References: <dog_cow-1633054331@macgui.com>
 by: super70s - Wed, 13 Oct 2021 22:42 UTC

In article <dog_cow-1633054331@macgui.com>,
D Finnigan <dog_cow@macgui.com> wrote:

> Today, one of Let's Encrypt's chain-of-trust certificates expired. This
> caused some of my older Apple devices to give a certificate warning when
> trying to access some web sites.
>
> The fix is simple: you just need to add the new Let's Encrypt certificate to
> the certificate trust store in iOS. The new certificate that you need to add
> is called ISRG Root X1. You can get the PEM file here:
> https://letsencrypt.org/certs/isrgrootx1.pem
>
> If your machine can't access the Let's Encrypt web site because it doesn't
> support newer versions of TLS, then you need to download the PEM file on a
> newer computer, then put it on a web server that supports plain HTTP or an
> older TLS version, and download from there. I'm sure most people reading
> this newsgroup know how to set up a local web server at home to do this.

I didn't have a browser problem but both my Tenfourbird mail app on my
Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
10.11 quit connecting last week. I called my ISP who were clueless
("we'd be getting a lot of calls about this if our mail server was
down") but I finally figured it out after a little web searching and
installed the new certificate on both machines. Both mail accounts
started working normally.

Something strange though, the new certificate says it will expire in
Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
November.

Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS

From: dog_...@macgui.com (D Finnigan)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Thu, 14 Oct 2021 00:09:30 -0000 (UTC)
Organization: Mac GUI
Lines: 24
Message-ID: <dog_cow-1634170169@macgui.com>
References: <dog_cow-1633054331@macgui.com> <super70s-3C3B42.17421213102021@reader02.eternal-september.org>
 by: D Finnigan - Thu, 14 Oct 2021 00:09 UTC

super70s wrote:
>
> I didn't have a browser problem but both my Tenfourbird mail app on my
> Power Mac G4 running 10.4 and Apple Mail app on my 2009 iMac running
> 10.11 quit connecting last week.

Yeah, any service (not just browsers) that is using a certificate from Let's
Encrypt will need to be updated on older computer systems.

>
> Something strange though, the new certificate says it will expire in
> Nov. 2021 but I'm not sure if it will or not. Guess I'll find out in
> November.

You might be looking at the expiration date of the "leaf" certificate, and
not the higher-up root certificate ISRG Root X1. This one should expire over
a decade from now.

--
]DF$
The New Apple II User's Guide:
https://macgui.com/newa2guide/
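
An added example, not code from any poster in this thread: it covers two points raised above, checking that a root certificate copied over plain HTTP still matches the fingerprint noted on the newer computer, and reading the expiry date out of a certificate to see whether it is a short-lived leaf or a long-lived self-issued root. The function names are hypothetical, and `ROOT` and `LEAF` are constructed, unsigned DER skeletons rather than real certificates.

```python
import base64, hashlib, hmac
from datetime import datetime

def read_tlv(buf, pos):
    """Decode one DER element at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):      # (tag, value_start, value_end) per element
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def describe(pem):
    """Fingerprint, expiry and issuer==subject flag for one PEM certificate."""
    b64 = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
    der = base64.b64decode("".join(b64.split()))
    _, vs, ve = read_tlv(der, 0)                       # Certificate
    _, vs, ve = children(der, vs, ve)[0]               # tbsCertificate
    f = children(der, vs, ve)
    f = f[1:] if f[0][0] == 0xA0 else f                # skip optional [0] version
    issuer, validity, subject = f[2], f[3], f[4]       # after serial, sigAlg
    tag, vs, ve = children(der, validity[1], validity[2])[1]    # notAfter
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime / GeneralizedTime
    return {"sha256": hashlib.sha256(der).hexdigest(),
            "not_after": datetime.strptime(der[vs:ve].decode("ascii"), fmt),
            "self_issued": der[issuer[1]:issuer[2]] == der[subject[1]:subject[2]]}

def matches_reference(pem, reference_sha256):   # reference noted on the trusted machine
    want = reference_sha256.replace(":", "").lower()
    return hmac.compare_digest(describe(pem)["sha256"], want)

# Constructed sample data below: unsigned DER skeletons, not real certificates.
def enc(tag, body):                                    # sample bodies stay < 256 bytes
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def sample_pem(issuer, subject, not_after):
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, bytes.fromhex("0603550403") + enc(0x0C, cn.encode()))))
    validity = enc(0x30, enc(0x17, b"210101000000Z") + enc(0x17, not_after))
    tbs = enc(0x30, enc(0x02, b"\x01") + enc(0x30, b"") + name(issuer) + validity + name(subject))
    der = enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

ROOT = sample_pem("Constructed Root", "Constructed Root", b"350101000000Z")
LEAF = sample_pem("Constructed Root", "mail.example.test", b"211130000000Z")
```

A certificate whose issuer equals its subject is self-issued, which is what a root looks like; the fingerprint comparison is what ties the copied file back to the one fetched over HTTPS.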

Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS

From: denods...@gmail.com (denodster)
Newsgroups: comp.sys.mac.vintage
Subject: Re: Adding New Let's Encrypt Certificate for old Mac OS and iOS
Date: Sat, 6 Nov 2021 04:16:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 6
Sender: denodster@0.0.0.0
Message-ID: <sm4viu$nbh$1@dont-email.me>
References: <dog_cow-1633054331@macgui.com>
<super70s-3C3B42.17421213102021@reader02.eternal-september.org>
<dog_cow-1634170169@macgui.com>
 by: denodster - Sat, 6 Nov 2021 04:16 UTC

Had a customer write in to our support email with this last week. We
were quite confused at first as we didn't have any other users that
seemed to be having issues with our site. It turned out she was using a
Mac from several years back and running 10.11. Our solution ended up
being to ask her to try Firefox, which solved the issue for her enough
to allow her to use our service.
