12/15/2021»»Wednesday

Mac Client For Lets Encrypt

12/15/2021
    15 - Comments

How To: Use MAMP Pro on Mac OS X With Let’s Encrypt (CertBot/ACME) to Automatically Generate SSL Certificates Let’s Encrypt is a free (CA) Certificate Authority that has become a popular alternative for generating free SSL certificates. Dehydrated support scripts for OS X Server. Dehydrated (formerly letsencrypt.sh) is a nice and simple client for obtaining free SSL certificates from Let's Encrypt.This repository contains a wrapper script which automatically pulls the host names from configured SSL websites in OS X Server, requests the appropriate certificates, and calls a hook that imports them into Keychain and sets the OS.

Last updated: See all Documentation

The main determining factor for whether a platform can validate Let’s Encrypt certificates is whether that platform trusts ISRG’s “ISRG Root X1” certificate. Prior to September 2021, some platforms could validate our certificates even though they don’t include ISRG Root X1, because they trusted IdenTrust’s “DST Root CA X3” certificate. From October 2021 onwards, only those platforms that trust ISRG Root X1 will validate Let’s Encrypt certificates (with the exception of Android).

If your certificate validates on some of the “Known Compatible” platforms but not others, the problem may be a web server misconfiguration. If you’re having an issue with modern platforms, the most common cause is failure to provide the correct certificate chain. Test your site with SSL Labs' Server Test. If that doesn’t identify the problem, ask for help in our Community Forums.

  • Windows >= XP SP3 (assuming Automatic Root Certificate Update isn’t manually disabled)
  • iOS >= 10 (iOS 9 does not include it)
  • iPhone 5 and above can upgrade to iOS 10 and can thus trust ISRG Root X1
  • Android >= 7.1.1 (but Android >= 2.3.6 will work by default due to our special cross-sign)
  • Ubuntu >= xenial / 16.04 (with updates applied)
  • Debian >= jessie / 8 (with updates applied)

Browsers (Chrome, Safari, Edge, Opera) generally trust the same root certificates as the operating system they are running on. Firefox is the exception: it has its own root store. Soon, new versions of Chrome will also have their own root store.

Let's Encrypt Certbot

These platforms would have worked up to September 2021 but will no longervalidate Let’s Encrypt certificates.

  • macOS < 10.12.1
  • iOS < 10
  • Mozilla Firefox < 50
  • Ubuntu >= precise / 12.04 and < xenial / 16.04
  • Debian >= squeeze / 6 and < jessie /8
  • Java 8 >= 8u101 and < 8u141
  • Java 7 >= 7u111 and < 7u151
  • NSS >= v3.11.9 and < 3.26
  • Amazon FireOS (Silk Browser) (version range unknown)
  • Cyanogen > v10 (version that added ISRG Root X1 unknown)
  • Jolla Sailfish OS > v1.1.2.16 (version that added ISRG Root X1 unknown)
  • Kindle > v3.4.1 (version that added ISRG Root X1 unknown)
  • Blackberry >= 10.3.3 (version that added ISRG Root X1 unknown)
  • PS4 game console with firmware >= 5.00 (version that added ISRG Root X1 unknown)

Mac Encrypt Pdf

Macos letsencryptCertificateMac
  • Blackberry < v10.3.3
  • Android < v2.3.6
  • Nintendo 3DS
  • Windows XP prior to SP3
    • cannot handle SHA-2 signed certificates
  • Java 7 < 7u111
  • Java 8 < 8u101
  • Windows Live Mail (2012 mail client, not webmail)
    • cannot handle certificates without a CRL
  • PS3 game console
  • PS4 game console with firmware < 5.00

Mac Letsencrypt

Encrypt

Macos Letsencrypt

We have submitted ISRG Root X2 to the Microsoft, Apple, Google, Mozilla, and Oracle root programs for inclusion. ISRG Root X2 is already widely trusted via a cross-sign from our ISRG Root X1. For more information, check our our community forum post