Canadian Mac Forums at ehMac banner
1 - 11 of 11 Posts

·
Registered
Joined
·
494 Posts
Discussion Starter · #1 ·
I keep getting this when visiting most websites:
"Your clock is behind" or "Your clock is ahead" or "NET::ERR_CERT_DATE_INVALID"
You'll see this error if your computer or mobile device's date and time are inaccurate.
To fix the error, open your device's clock. Make sure the time and date are correct.

I've checked the clock and it's spot on with my iPhone and isn't incorrect.

What other troubleshooting is there?
 

·
peek-a-boo
Joined
·
17,353 Posts
Is that google chrome? If so, yeah, it’s a date mismatch with the secure certificate with the websites. If you’re sure it’s not your computer it could be a number of things, including your own connection (public wifi sometimes does this). I think if you google this error you’ll find a handful of steps to look for on this.
 

·
Premium Member
Joined
·
16,085 Posts
What other troubleshooting is there?
Many users, including myself started getting "invalid certificate" warnings for various sites starting around the end of October.

I mainly use google chrome, and I got around the problem by selecting the certificate involved and changing it's settings to I trust it which seems to have worked in most cases.

Try googling for various other solutions that may apply better to your particular situation.


- Patrick
=======
 

·
Registered
Joined
·
732 Posts
This problem is related to the expiry of Let's Encrypt's root certificate. Windows users got hit too. Let's encrypt is a non-profit certificate producer that some less mainstream websites use. A real nightmare, something that should not have happened.

Windows users needed an update from Microsoft to resolve. Not sure what the resolution is on the mac side. Can you confirm your OS version?
 

·
peek-a-boo
Joined
·
17,353 Posts
just to add here, be careful about advising anyone to just hit 'trust site' if one encounters certificate errors. One of the reasons browsers are kicking errors really is to block fraudulent sites from impersonating other sites, so before hitting'trust' really check that url, the spoofed ones are quite tricky and clever to fool a lot of people.
 

·
Premium Member
Joined
·
16,085 Posts
just to add here, be careful about advising anyone to just hit 'trust site' if one encounters certificate errors.
The suggestion to trust any Certificates that are providing errors is aimed at those certificates that have probably been in one's Keychain Access for sometime and not meant for any certificate that may have just suddenly arrived or arrived out of nowhere. And the user should definitely check. The appropriate dates are usually Indicated as to created and modified updates and stamped as valid unless something has changed the validation status.


- Patrick
=======
 

·
peek-a-boo
Joined
·
17,353 Posts
Yes, but what if the reason you’re getting the error is a fraudulent website is providing a dodgy certificate, even with websites you have already trusted previous. That makes no difference if you know how this works. That’s how people get hacked, and badly. If you use online banking you could be in a heap of trouble. I’ve setup secure sites and installed certificates and i know how easy for hackers to spoof you. Beware before you hit trust, even on previously trusted sites. Just be sure. That’s my advice.
 

·
Registered
Joined
·
494 Posts
Discussion Starter · #8 ·
This problem is related to the expiry of Let's Encrypt's root certificate. Windows users got hit too. Let's encrypt is a non-profit certificate producer that some less mainstream websites use. A real nightmare, something that should not have happened.

Windows users needed an update from Microsoft to resolve. Not sure what the resolution is on the mac side. Can you confirm your OS version?
OSX El Capitan 10.11.6
 

·
Registered
Joined
·
732 Posts
Taken from Let's Encrypt's forum. In response to a user with OS 10.11.6

For older macOS, try:
  • downloading https://letsencrypt.org/certs/isrgrootx1.der 404
  • Open the Keychain Access app and dragging that file into the System folder of that app.
  • then find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change "Use System Defaults" to "Always Trust", then close that and enter your password to confirm the change (if prompted).
 

·
Registered
Joined
·
494 Posts
Discussion Starter · #10 ·
Taken from Let's Encrypt's forum. In response to a user with OS 10.11.6

For older macOS, try:
  • downloading https://letsencrypt.org/certs/isrgrootx1.der 404
  • Open the Keychain Access app and dragging that file into the System folder of that app.
  • then find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change "Use System Defaults" to "Always Trust", then close that and enter your password to confirm the change (if prompted).
This is beyond my technical (dis)abilities. I can't drag anything under Category into anything in Keychains. Help?
 

·
Premium Member
Joined
·
16,085 Posts
This is beyond my technical (dis)abilities. I can't drag anything under Category into anything in Keychains. Help?
Try this:
  • download the "isrgrootx1.der" file from the above URL.
  • locate the isrgrootx1.der file you downloaded and double-click it
  • that should open your Keychain Access application and provide you with a dialog box.
In that dialog box click the optional box and choose System
  • After that is done, use the search box in Keychain Access to search for ISRG Root X1 or just use ISRG that should then list possibly two choices.
  • double click each one, or use the get info (Right click) on each, click the disclosure triangle to point down, then in the "when using" option box, click the "Always Trust" choice and then close all the keychain access windows. you are done:

Some screenshots to help make things clear:
Rectangle Font Software Screenshot Technology


Rectangle Font Screenshot Software Technology



I hope this helps.

The screenshots show what settings you should end up with.

Just take your time but you should have a current backup of all your user data before attempting any change just in case one screws up or something goes goofy. You should be all okay... 😇 😇


- Patrick
=======
 
1 - 11 of 11 Posts
Top