If your browser complains that your “site is not secure” because the SSL cert is not valid you are using an OS (Operating System) version lower than one of the following OS versions:
- Windows XP SP3
- macOS 10.12.1
- iOS 10 (iPhone 5 is the lowest model that can get to iOS 10)
- Android 7.1.1
NOTE: The above is a list of the common OS that may be affected, but is not limited to other OS systems that may also be affected.
If this is the case, your computer is missing a root certificate.
You need to update your machine or device to the latest available version.
For info on how to update your OS, you can do a search for:
- Updating your Windows Operating System
- Updating your Mac Operating System
- Updating your Android Operating System
- Updating your iPhone Operating System
or contact a computer techie for assistance.
|NOTE: You can also try using a different browser. That has corrected the issue for some users.
Explanation of Why this Happened
On Sept 30th a root certificate used to sign SSL certificates with, expired. Root certificates are used by a variety of software and devices to validate the authenticity of other certificates such as (SSL/TLS) used to encrypt web traffic.
Once a root certificate is about to expire, a new one is issued and new certificates need to be regenerated and signed with the new root certificate. In order for devices and software to be able to trust certificates issued with the new root certificate, new root certificates need to be installed on each device.
New root certificates are distributed usually through OS updates, so having an older machine and not keeping it up to the latest possible version will cause issues.
The easiest solution is to try to update your computer to the latest version possible. If that’s not an option it is possible to manually install the root certificate but that’s going to require special instructions.
Example of what the error looks like:
How to Manually Install Root Certificate
- Download the Self-signed ISRG Root X1 certificate file (pem) from this link:
- Open the Keychain Access app and drag that file into the System Roots folder of that app.
- Find the ISRG Root X1 certificate in System and double click on it
- Open the Trust menu and change "Use System Defaults" to "Always Trust", then close that
- Enter your password to confirm the change (if prompted).
- Download the Self-signed .der file for ISRG Root X1 (your browser may warn about the file type and you may need to click "Keep" to save the file) using this link:
- Open the file
- Click "Install Certificate"
- Choose default option "automatically select"
- Next, Finish