Don’t Let Replacing the Expired DST Root CA x3 Bring You Down
If you are using an older Mac OS X version to browse the web, it’s likely that you recently started seeing "NET::ERR_CERT_DATE_INVALID", "Your connection is not private", "Clock expired privacy issue", "Safari can’t verify the identity of the website", or a similar error in your browser, when trying to visit sites that should be safe.
The error is probably occurring on your older computer because the popular certificate DST root ca x3 from the certificate authority Let’s encrypt expired on September 30, 2021. You need its replacement isrg root x1 to resolve the NET::ERR_CERT_DATE_INVALID error.
Your computer has a list of certificates that allow it to verify the authenticity of the websites you visit. OS updates usually include the latest batch of certificates required to verify most websites you might visit. However, you can also manually add certificates to your computer’s certificate store.
Manually Adding Certificates on Mac OS El Capitan
Here is how to add the isrg root x1 certificate on Mac OS El Capitan. The process is very similar on other Mac OS versions as well.
Step 1: Get the legit isrg root x1 certificate from Let’s encrypt by visiting https://letsencrypt.org/certs/isrgrootx1.pem.txt. If the Lets Encrypt site itself is marked as insecure for you, you can download it from here: https://intellitect.com/wp-content/uploads/2022/03/isrgrootx1.pem_.txt (don’t make downloading certs from websites a habit though).
Don’t let the encoding of the file intimidate you.
Step 2: Save it by right-clicking on the page and clicking save as (or if in Safari, click File > Save as ).
Step 3: Save it as a .pem file (remove the .txt extension).
You now have a file that looks like this:
Step 4: Open the file. The file opens with Mac OS’s certificate store called Keychain Access.
If it doesn’t open with KeyChain Access, then open the KeyChain Access app manually by either searching for it via Spotlight ? or finding it in the Utilities App Folder. Then drag and drop the .pem file into KeyChain Access.
Step 5: Click "confirm" or "yes" on any dialogue about whether or not you want to add the certificate, and when presented with the screen with a prompt that says you can choose whether to add the certificate for one user or the entire "System" (all users), choose "System" in the "Keychain" drop-down to fix the error for all users.
Step 6: Now, we need to mark it as trusted.
Find it in the certificates, and open it. Under the Trust drop-down ? (double click to open), set the SSL field as always trusted.
Step 7: Close and save.
Wrapping Up!
You should be able to use SSL (HTTPS) with it now! Wikipedia.org is a site that you wouldn’t be able to visit without SSL backed by isrg root x1, so give it a try.
Want More?
Need more information on fixing errors like "NET::ERR_CERT_DATE_INVALID"? Check out Mark Michaelis’ quick fix for the NETSDK1004 compile error. Curious about the software development work IntelliTect does? Check out our innovative products to see what software solutions we offer that solve your real-world issues.
Does Your Organization Need a Custom Solution?
Let’s chat about how we can help you achieve excellence on your next project!
Just restored an old MacBook Pro and installed chrome and this worked brilliantly. Thanks for allowing me to use chrome once more on a 10 year old laptop that was destined for the trash.
Finally, I can browse the site that I need again.
Wow! Very Thankful this worked. I am using a 2008 iMac, now running with OS X 10.11.6 – El Capitan. The exact screens in my Key Chain app were slightly different. Yet using this information I was able to get my ISGR Root X1 certificate to be trusted.
Thank you, this works perfect for me, using old macbook 2007 that could no longer update. fine explanation, easy to follow. Thanks again.
Mil gracias!! Llevaba mucho tiempo con este problema y no encontraba como solucionarlo. Por fin lo he podido solucionar :) QUE GRANDE!!
Oh my gosh Thank you! Why do i feel like a computer genius now?
Im on a vintage 2007 iMac and i couldn’t figure out why this was happening to every single site i went to. I couldn’t even look for jobs on Indeed (not complaining, work is trash) which is when i decided to figure this out. My time and date settings were accurate too so i was stumped. Until the sky cleared and Austen descended from “the cloud”.
Thank you so much. Im off to apply for a cyber security job now. Wish me luck!
Thank you very much! It works!!!!
Thanks for that! Worked fine! Now I browse in peace again! Cheers
I’ve been struggling on this problem for so long, it works now!! Thanks!!
Thank you so much!
my 2008 old macbook is back to life
=)
Hi Austen,
thank you very, very much! This brought new life to my mid-2009 Macbook.
Have a very nice day!
Cheers, Alex
Had this problem for a pretty long time, thanks for providing the solution!
Thank you! This has been bothering me for a year, I wish I’d found your website earlier!
Thank you so much this helped heaps!
First of all, thank you so so much! I followed the guide to precision with success. I am on a vintage Macbook (10.11.6 OS X El Capitan). I have gotten this NET::ERR_CERT_DATE_INVALID for every site – in Chrome only though – for year probably a year now since the mentioned certificate expired
Have searched around for solutions, and even tried to recruit something to sort it out. When one applicant told me it had to do with certificates, I decided to search more in detail. I came through great many articles but not until I read this one I solved it
Only one comment though. At least on my Macbook one shall DRAG AND DROP the .pem file into the Keychain Access to actually add it, and not just open it from say desktop. Moreover, to find the Trust down menu I doubled clicked on it, which also were not so apparent, but awesome articles thanks so much!
Glad you got it working! Thank you for the feedback. I added your suggestions.
Thanks! worked perfectly clear no bs explanation. Well done.
Thanks a lot for the fix! It really helps. xxx
Thank you! Thank you! Thank you!
Many hours of trying to solve this issue and you’ve fixed it for me.
Thank you so much!!! Was a really annoying problem I had and it is now solved, and really well-explained step by step :)
Hi I have downloaded and saved the pem file, however I get this An error occurred. Unable to import “ISRG Root X1”.
Error: 100001
So wonderful for you to helping so many, any further assistance would be invaluable.
At Step 5 in the article, try adding the certificate to the “login” keychain.
Muchas gracias por toda la información, no me dejaba seguir todos los pasos pero al final pude (no se como) añadirlo como certificado de confianza y el problema está resuelto…
Muchas gracias
Fantastic Thank You!!!
Wow thank you!!! This was exactly what I was looking for :D
Un millón de gracias.
De nada!
I can’t believe its finally fixed. THANK YOU, THANK YOU, THANK YOU !!!!!!
a big thank you ! :D
Thank you! Very clear and helpful!
you did a great job.
No consigo guardar el archivo, mi sistema lo elimina automáticamente cuando quiero encontrarlo a través del Finder.
Muchisimas gracias, pude entender mejor cómo debía solucionar el problema y lo logré, muchisimas gracias por la información. <3
Muchisimas gracias, pude entender mejor cómo debía solucionar el problema y lo logré, muchisimas gracias por la información. <3
THANK YOU VERY MUCH! Already was planning to buy a new computer, now everything works good again. All the best!
You are welcome!
Can’t thank you enough!
Very clear instructions and an instant fix for a problem that has been plaguing me for months.
You are welcome!
I am so appreciative of this post, been looking for a fix for months and stumbled across this today – the instructions are super clear and worked perfectly. Finally I can go back to browsing without any frustration. I’m so relieved. THANK YOU!
Thanks!!!!!!!
Omg! Thank you so much! I had this for so long, I had no idea how to get rid of it. Once again, thank you!
YOU ARE THE BEST!!!
Geniální díky!
Nemáš zač!
Thank you so much!! That worked great!! Your step-by-step instructions were very helpful!
You are welcome. And thank you for the feedback.
Thank you so much! Just got a 2009 MacPro up and running again…
Great!
When I go to do the first step, the same error pops up saying that it’s not secure.
Well that is not helpful! I’ve gone ahead and attached a copy of the certificate file to this post, and here is the link: Good luck!
I had to do this and it worked. It automatically opened (with no prompts) in the “login” folder and was able to unlock “System” and drag it there, I also was having the issue that Erik Svensson (below) was having with the file being “removed” when trying to open it from Chrome. When I switched from Chrome to Safari, it dowloaded successfully to .txt then I switched it to .pem. Thank you so much for this, I’ve been trying since end of September and thought it was my new iphone settings that I bought the same day. You are so appreciated.
Damn this was a very good help, Out of Google help I got NOTHING! Like blow away your computer and reinstall everything, yeah right… I need to run El Capitan 10.11.6
It has been so annoying this certificate error, but solved with your help
When I open the file it gives me this error message in the Keychain Access Window. It also gives me this message when I drag the file into the window: “The “System Roots” keychain cannot be modified. To change whether a root certificate is trusted, open it in Keychain Access and modify its Trust Settings. New root certificates should be added to the login keychain for the current user, or to the System keychain if they are to be shared by all users of this machine.” What should I do now? Thanks!
Hey, my first thought is that your user may not be an admin user on the computer so you cannot modify the “system roots” keychain. So you could first try opening Keychain Access and then clicking the padlock icon to unlock the “System Roots” keychain – you will be able to unlock only if an admin. Then drag the cert into the Certificates list. Here is a visual aid screenshot: https://ibb.co/S6M9RX0 . If that doesn’t work, try installing the certificate not at the system level, but at the “login” or user level. It will still work for your user profile. If you have further difficulties, feel free to comment.
Thank you SO, SO much!! Been looking for a fix for this for 4 months now on my MacBook Pro, and your post is the first straightforward successful answer I’ve found… finally back to browsing bliss. You’re a lifesaver!
Thank you! I’ve experienced this problem and it’s extremely annoying. I was starting to think I should retire my old Mac…
Thank you so much for this guide! This cert date error has been a pain for the past month or so and I’m just so relieved it’s fixed now. The guide was super easy to follow, too.
Thank you so much! It works on OS X 10.11.6
Great!
Thank you so much for these simple instructions! I was nervous to try, but had to try to fix this frustrating problem. Finally, no more problems.
When I try to open the file it says its removed? Help! Thank you
Hey Erik, what file are you referring to – the certificate.pem file? Also, what step in particular are you stuck at?
This is happening to me too. When I save as .pem it downloads but then says removed when I go to open the file. It does not show as a certificate file like you have shown above. Any idea why my mac will not save as .pem?
hmmm… interesting. So when you click on the file in your Download’s folder in Finder it says file not found? Finder shouldn’t show files that don’t exist. From what you are describing though it sounds like you are trying to open the file from Chrome or Safari. Try opening it from Finder if you haven’t already. Happy to help out if you are still having difficulty.
Also you can try saving it just as it is as .txt. Then rename the file after its downloaded, by finding it in Finder, right clicking it and selecting “get info”, and then changing the .txt to .pem.
Facing a similar situation. Each time I go to Finder and click on the certificate, I’m told the file cannot be found.
Perhaps try copying the certificate text. Open the Text Edit app and paste the certificate text there. Then save the file with the .pem extension. it will default save it as .txt -> so remove the .txt and replace with .pem .
Many thanks for this fix. El Capitan survives to fight another day.
?
omg u saved my life
Many thanks to you! It solved my issue on MacOS 10.11
I found it frustrating and rather difficult to figure out why exactly many websites didn’t work.
Then it was surprisingly hard to find a tutorial on how to fix these certificate issues, but your fix is easy to follow and works PERFECTLY.
Additionally, this Reddit thread may be helpful too, it uses a very similar way and also explains that you can save your isrg certificate under “system” in the keychain access app to also fix other user accounts on the same Mac: https://old.reddit.com/r/MacOS/comments/pz5dq3/any_fix_for_the_big_lets_encrypt_certificate/
Thank you so so much!!!
Omg thank youuuuuuuuu
Austen, many many many many many many many many many many many many many many many many THANKS!!!
Thank you!
This has finally resolved an error where it has nearly caused me to purchase a new mac laptop.
Hoping to assist others in finding this page, I wanted to list the other search phrases I used which were not as helpful, until I finally stumbled upon this resolution:
Can’t load page,
Clock expired privacy issue,
Your connection is not private,
Attackers might be trying to steal your information,
Automatically send some system information and page content to Google to help detect dangerous apps and sites
Thanks
again
Thank for the suggested key words to add to the article to help others out. Best wishes!
THAAAAAAAANKSSSSSS!!!!!!!
Dear Austen,
I know we are not alone with this problem……
that
YOU solved
We thank you sooo much for given this Key to us.
Chrome is back on our MacBook Pro (2012)
Thanks again and all best wishes to you
from Marion&Martin
(Philippines)
Exactly what I needed.
AMAZING!
Thank you soooooooooooooooooo much my dude.
?♂️ on! You’re welcome!
Thank you so much! This totally saved me!!
Hey! I cannot express to you how many websites and tutorials I’ve been to over the past few days, which just did not work time and time again. This one, whilst kind of seeming scary to an amateur, did work straight away! Thanks a lot :D
Hey, Glad to hear it worked for you! And thanks for the feedback.
Thanks for tip!