I see that I already have the latest ISRG Root X1 certificate in the System Roots keychain, so not sure why I would need to add it to my System keychain.
And when I went to https://letsencrypt.org/certs/isrgrootx1.pem <https://letsencrypt.org/certs/isrgrootx1.pem> to download, it showed up as a .cer instead of a .pem. -Al- > On Oct 29, 2021, at 10:25 PM, Michael <keybou...@gmail.com > <mailto:keybou...@gmail.com>> wrote: > > So I found this advice online for updating certs without having to worry > about trusting expired old certs. > > 1. Visit https://letsencrypt.org/certs/isrgrootx1.pem > <https://letsencrypt.org/certs/isrgrootx1.pem> to download the certificate, > and save it in the Documents folder. > > 2. Open Terminal, paste this command, and press enter: > > sudo security -v add-trusted-cert -d -r trustRoot -k > "/Library/Keychains/System.keychain" ~/Documents/isrgrootx1.pem > > This eliminates the need for marking the expired DST root as special-case > trusted. Powered by Mailbutler <https://www.mailbutler.io/?utm_source=watermark&utm_medium=email&utm_campaign=watermark-variant-primary>, the email extension that does it all
smime.p7s
Description: S/MIME cryptographic signature
