FYI, expired certificate warnings from Safari

I was going to report through the “Support” link, but that link also gave me the warning. Lots of links are generating this warning on my Mac. I noticed it first on the “?” links.

Screen Shot 2021-10-07 at 10.27.05 AM

This is what I’m seeing:

image

I too show that your certificate is good until 11/26, however Safari is saying the the two certificates above yours expired in September. See screen prints.

A quick google brings this:

And this:

" So how come two different Macs connecting to the same site get such different chains of trust?

The answer I suspect lies in the caching of certificate checks. Both my iMac and iPhone have connected to this site previously, and rather than performing a full certificate check every time, macOS is just using old results, which still refer to the old intermediate and Root certificates. My M1 Mac mini had never connected to that site, so had to perform a fresh check on the chain of trust, which then traced back to the current chain with its replaced intermediate and Root certificates.

What can you do about this more generally, to save you from having to make each broken site an exception? As far as I know, nothing that you’d want to. Emptying Safari’s caches doesn’t help, as I think the old certificate information is held in a separate security database to which the user has no access. Unless you know better.

No thanks to Let’s Encrypt, which seems unaware that any of this might cause such problems.

Note

Whether you’re running a server which relies on Let’s Encrypt certificates, or trying to connect your browser to one, the most helpful and information page on the subject is this one from Certify The Web.

…or just use Chrome until there’s a fix for Safari.