Blog - Diawi - Development and In-house Apps Wireless Installation - News, tech notes and tips on app deployment

Let's Encrypt root certificate expiration: how to continue using Diawi on macOS <10.12.1

On and all our subdomains, we use Let's Encrypt to generate SSL certificates and provide navigation through secure HTTPS connexions. However, on September 30, 2021, the root certificate used by Let's Encrypt to sign their SSL certificates has expired on some older systems like macOS <10.12.1.

To continue using Diawi (and many many other websites) on those older macOS computers, there is a solution!

When you navigate to with Safari, if you get a security error like NET::ERR_CERT_DATE_INVALID: you are affected. You could temporarily accept the SSL exception in Safari, but the error will appear again later and on each of our subdomains, which is not practical.

In order to visit Diawi and install apps, the solution is to download and install the new root certificate manually.

  1. Download it from the official Let's Encrypt address: => save it as a file, don't open Keychain if the system suggests it
  2. Open the certificate by double-clicking the isrgrootx1.der file in the Finder
  3. You'll get an "Add Certificates" dialog asking to add it to your keychain. Choose "system" to make it available to all users on your mac.
  4. Click "Add".
  5. In the Keychain Access search box, type "ISRG" to find the ISRG Root X1 you just installed, be sure to select the system keychain in the list on the left.
  6. Double-click to open it.
  7. In the dialog box, expand the "Trust" area and in "When using this certificate", change "Use System Defaults" to "Always Trust". This will change all the other items selections.
  8. Close the dialog box and apply it (you'll need to use your login/password as it is a system change)

That's it. The new certificate is valid until 2035 and you are able to continue using Diawi.

Author image
About Greg
Paris, France Website
App deployment ninja, maintainer of Diawi and huge coffee lover.