SSL certificate problem: certificate has expired (on macOS High Sierra 10.13.6)

Although my Mac mini (Mid 2011) running macOS High Sierra 10.13.6 (can’t upgrade) is pretty old, I have been keeping it “up-to-date” using Homebrew, where possible.

However, as of this week that fails due to SSL certificate issues:

curl: (60) SSL certificate problem: certificate has expired
More details here:

Might be related to the Let’s Encrypt root certificate expiring (yesterday/today)?

What can I do about this? (If anything?)

Open the url in Safari and accept the exception. That did the trick for me.

Of course it’s a bit of a hack. I think it’s also possible to install the root certificate. Read about it somewhere, but didn’t have the time to look into it.

1 Like

Yeah, that certificate recently expiring has caused a massive amount of problems across the different communities that I’m a part of. Not just websites!

The (current) solution is to use Mozilla Firefox.

1 Like

The failing curl command is executed by Homebrew (on the command line).

I don’t think switching browsers will help with that?

You should be able to get a new root certificate and install that on your Mac, right?

Finally figured this out for a long-standing problem with Arq backing up to MinIO on my NAS using https.

I know that. It was a recommendation for others who might be in a different situation of their own. From what I can remember, Mozilla Firefox uses it’s own certificates or something like that (I don’t remember the exact wording).

1 Like

I agree with you, Firefox is a potential workaround for older systems with bigger problems than just curl.
From the article:

“However, Firefox is currently unique among browsers — it ships with its own list of trusted root certificates.”

This might work: (will try later)

1 Like

It does work. Just moments before I read the blogpost I followed the same procedure on my dad’s Mac. And the problem with the let’s encrypt certificate has been fixed.

1 Like

That being said, I’m also using Let’s Encrypt on a mail server. And while that works on 95% of the devices, including Android, iPads running the latest iPasOS versions 14 and 15 refuse to connect.

Apple mail on iPad is a pain in the back anyway when you try to connect to something other than one of the big e-mail providers in my opinion. :frowning:

Turn out my Mac already has an ISRG Root X1 certificate which is valid until 4-Jun-2035.

It’s more likely this issue with the curl version provided by Apple in macOS:

1 Like

The suggested answer on StackOverflow (deleting the expired certificate from /etc/ssl/cert.pem) did the trick, but I wonder whether I’ll notice any side effects…

1 Like