hoakley October 1, 2021 General, Macs, Technology

Why won’t Safari open that web page?

A few days ago I warned that those still using older versions of Mac OS X are likely to have problems making secure HTTPS connections with many websites, because of a security certificate due to expire on 30 September. Unfortunately, it has turned out that this isn’t confined to older Mac OS X, and can even affect Monterey betas. And there’s more than one certificate which has now expired.

brokencerts02

The signs of trouble are obvious. You try to connect to an affected website using Safari, only to be informed that This Connection Is Not Private. That Safarian error message means that it tried to connect using HTTPS, and has detected a certificate problem. This can affect any (reasonably recent) version of Safari, running on macOS, iOS or iPadOS, and on pretty well any version of those operating systems. It may appear sporadic, although once it has affected a site, Safari is unlikely to be able to make that connection properly again.

The solution depends on your confidence that the error is spurious, which depends on how much trust you can put into that address and site. You might wish to use another browser like Firefox to check the website out before making any decision, then clicking on Show Details to proceed further in Safari.

brokencerts03

Further information provided by Safari is helpful, explaining the certificate expiry, giving that date and inviting you to check your Mac’s clock. If you’re happy that doesn’t explain the problem, click to view the certificate.

brokencerts04

In this case, the site’s certificate remains valid until the end of this year, but the intermediate certificate R3 has expired.

brokencerts05

Although this is a Let’s Encrypt certificate chain, the first of the certificates to expire wasn’t its DST Root CA X3 which we were warned about, which remained valid at the time that this happened to me. The first certificate to expire was the intermediate R3, which expired on 29 September, a day earlier.

brokencerts06

Step back to the Root Certificate, and you’ll see that’s due to expire on 30 September, the very next day.

The immediate solution is to manually approve that site’s certificate, which bypasses the expiry of its other certificates. Safari will then add a special certificate to your keychain for that particular site.

brokencerts07

Once that has been added, you can continue to access that specific site, but others which rely on the same chain of trust will need to be added individually.

However, according to my previous article, this shouldn’t affect macOS 10.12 or later. So why did I have this problem in 11.6?

To answer this, I tried making the same connection on my iPhone (iOS 15), which failed similarly, and on my M1 Mac mini (macOS 12 beta 8), which had no problems at all with that site. Indeed, it showed a different chain of trust altogether.

brokencerts08

The site’s certificate appears identical, although the Root Certificate is different, ISRG Root X1, which is the replacement for the DST Root CA X3 expiring on 30 September.

brokencerts09

The intermediate certificate R3 here has an expiry date in 2025.

brokencerts10

And the Root doesn’t expire until 2035.

So how come two different Macs connecting to the same site get such different chains of trust?

The answer I suspect lies in the caching of certificate checks. Both my iMac and iPhone have connected to this site previously, and rather than performing a full certificate check every time, macOS is just using old results, which still refer to the old intermediate and Root certificates. My M1 Mac mini had never connected to that site, so had to perform a fresh check on the chain of trust, which then traced back to the current chain with its replaced intermediate and Root certificates.

What can you do about this more generally, to save you from having to make each broken site an exception? As far as I know, nothing that you’d want to. Emptying Safari’s caches doesn’t help, as I think the old certificate information is held in a separate security database to which the user has no access. Unless you know better.

No thanks to Let’s Encrypt, which seems unaware that any of this might cause such problems.

Note

Whether you’re running a server which relies on Let’s Encrypt certificates, or trying to connect your browser to one, the most helpful and information page on the subject is this one from Certify The Web.

Thanks to Peter for that link.

75Comments

Add yours

1

Arie on October 1, 2021 at 7:57 am

Sadly this also affects all applications that use WKWebView. So it is not only Safari.

LikeLiked by 1 person
- 2
  
  hoakley on October 1, 2021 at 8:24 am
  
  Thank you. I guessed it might, and I suspect that there are no helpful dialogs to allow the use to trust the site regardless?
  I’ll be posting more info on Monday, but the failure is in trustd and com.apple.securityd, so not something you can easily work around, I fear.
  Howard.
  
  LikeLike
3

Arie on October 1, 2021 at 8:34 am

After my hosting provider updated the certificate, Safari (and WKWebView) have no problems anymore.

LikeLiked by 1 person
4

Paul on October 1, 2021 at 9:25 am

On some sites and Safari (desktop versions) there is no link provided to bypass the block. The only way to view those sites is in Chrome with the site added to a safe exception list manually or Firefox which reports the SSL error but will fully load the site. I work for a WIN based web and application developer – have this on multiple managed sites currently including local parish and GOV. Everyone else in the office is OK which means I am getting zero support. Nothing new there.

Firefox it is then.

LikeLiked by 1 person
5

mywax on October 1, 2021 at 1:38 pm

Thanks for the follow-up article. Can you please help clarify whether simply updating OS X to a version later than 10.12.1 is expected to resolve the issue?

LikeLiked by 1 person
- 6
  
  hoakley on October 1, 2021 at 1:40 pm
  
  I’m sorry, I don’t know. If that refreshes the certificate details in the security database it should.
  Howard
  
  LikeLiked by 1 person
7

Paul on October 1, 2021 at 2:04 pm

A bit more here possibly for admins – I’ve talked to our independent ISP / server manager (helpful) in the meantime and he has multiple clients contacting him (not surprisingly). Some have resolved Chrome at least with a deep cache cleanse / reset (ditch everything) – this hasn’t worked for me – Stack Exchange sites in particular wont load fully even if I make them an exception (safe list).

https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

LikeLiked by 1 person
- 8
  
  hoakley on October 1, 2021 at 4:44 pm
  
  Thank you.
  Howard.
  
  LikeLike
9

David B. on October 1, 2021 at 2:21 pm

My friend said …….

“The classic help-desk question for problems like this is:
“Have you tried turning it off and on again?””

You didn’t say if you re-booted.

LikeLiked by 1 person
- 10
  
  hoakley on October 1, 2021 at 4:52 pm
  
  Thank you.
  Restarting a Mac or iOS device doesn’t refresh or rewrite its certificate database. In this case, both the Mac and iPhone had been started up several times since that site had last been accessed, prior to the expiry of the first of its certificates.
  Howard.
  
  LikeLike
11

EcleX on October 1, 2021 at 4:34 pm

Thanks. A bit off topic, but… If the page is opened, why does not Safari save it as “.webarchive” with its title name? Teh issue arose with Safari 15.0 (16612.1.29.41.4, 16612) on macOS 11.6 (20G165) Big Sur. No problem with previous Safari versions.

LikeLiked by 1 person
- 12
  
  hoakley on October 1, 2021 at 4:46 pm
  
  It works fine here, although it gets silly as usual when you try to open the WebArchive. File / Save As… and select WebArchive. That’s in Big Sur with Safari 15.
  Howard.
  
  LikeLike
  - 13
    
    EcleX on October 1, 2021 at 7:42 pm
    
    Thanks. Yes, that is what I do. For instance, this page is saved as (note lowercase, hyphens everywhere and lack of question mark)
    why-wont-safari-open-that-web-page
    instead of
    Why won’t Safari open that web page?
    
    And in other sites is even worse: saves a weird string, only past part of title, etc. A real mess.
    
    LikeLiked by 1 person
    - 14
      
      hoakley on October 1, 2021 at 7:44 pm
      
      Ah – your problem is with the default Filename. That’s set by Safari.
      Howard
      
      LikeLike
    - 15
      
      EcleX on October 1, 2021 at 8:37 pm
      
      Yes, but such problem did not happen before. It arose with Safari 15. I wonder if there is a way to fix it.
      
      LikeLiked by 1 person
    - 16
      
      hoakley on October 1, 2021 at 9:01 pm
      
      None seen in preferences or the develop menu.
      Howard
      
      LikeLike
    - 17
      
      EcleX on October 3, 2021 at 8:25 pm
      
      Thanks. It is even worse. Once downloaded, the “.webarchive” page cannot be opened double-clicking it. It requires Control-click (or right-click) mouse to open and then grant permission. A huge negative impact on productivity. Really frustrating. Can the Mac be configured to prevent that?
      
      LikeLiked by 1 person
    - 18
      
      hoakley on October 3, 2021 at 8:29 pm
      
      No. That’s because the file is put into quarantine as it has been downloaded and could be malicious.
      Howard
      
      LikeLike
    - 19
      
      EcleX on October 4, 2021 at 3:59 pm
      
      Thanks, but is there a way to prevent such quarantine? I mean, saved web pages should be harmless. At least from sites like this one.
      
      LikeLiked by 1 person
    - 20
      
      hoakley on October 4, 2021 at 5:48 pm
      
      No – it’s enforced by the system. I’m not sure how you’d expect Safari to know whether the content might contain an exploit, which is why all such downloads are now quarantined. They’re easily opened using the contextual menu.
      Howard.
      
      LikeLike
    - 21
      
      EcleX on January 29, 2022 at 10:19 pm
      
      I am glad to report that both issues have been fixed with the recent Safari versions. Great! Safari 15.3 (17612.4.9.1.5) on macOS 12.2 (21D49) Monterey and earlier as well.
      
      LikeLiked by 1 person
22

John Muir on October 1, 2021 at 5:29 pm

Out of interest, I just tried loading your example on my iPhone running iOS 15. I’ve never been to chimet.co.uk before (never heard of it either) but Safari on my phone throws the same security warning you show above.

This leads me to discard the cache theory. I’ve never been there before today, October 1, so there was no cached certificate.

LikeLiked by 1 person
- 23
  
  hoakley on October 1, 2021 at 5:34 pm
  
  Ah – but have you visited any other site relying on those intermediate or Root certificates? It’s the certificate details which are stored in the database I’ll bet.
  If you have any better theory, please tell. However, I now have compelling evidence which I’ll be discussing here on Monday.
  Howard
  
  LikeLike
  - 24
    
    John Muir on October 1, 2021 at 5:45 pm
    
    Fair question. I’ve no idea! Certainly not a brand new phone here. Plausible. Though demonstrably silly in this case!
    
    LikeLiked by 1 person
25

netstv on October 1, 2021 at 7:45 pm

ugh. So I’m a developer and have my own sites and create lets encrypt certs using the certbot. Everything seems to work but on Safari and Chrome the R3 and DST-xx cert is still expired. I can’t figure out how to get the most up to date versions. Maybe I missed in somewhere in this article, but can you help me out and maybe point me to where those certs for Safari?

LikeLiked by 1 person
- 26
  
  hoakley on October 1, 2021 at 7:49 pm
  
  Safari doesn’t use its own certificates but leaves macOS to look them up, as I show above.
  Howard
  
  LikeLike
  - 27
    
    netstv on October 1, 2021 at 7:51 pm
    
    Thanks Howard, but I guess there is no way to tell the MacOS to get the latest ? I have the latest updates etc. I GUESS that’s the answer.. wait for Apple to fix it and make an exception for each site. That’s a total pain. But oh well.
    
    LikeLiked by 1 person
    - 28
      
      hoakley on October 1, 2021 at 7:52 pm
      
      I’m sorry I don’t have any solution, and was rather hoping that someone would come along with one.
      Howard
      
      LikeLike
    - 29
      
      netstv on October 1, 2021 at 7:55 pm
      
      No worries.. I’ll let you know if I find one… I’ll keep hunting… :). The trouble with my system is that I have multiple DNS entries that all have certs that talk to various parts of my system. So I have the normal mywebsite.com and then I have app.mywebsite.com and then I have api.mywebsite.com etc..etc.. so for each of my test systems I have to go and update each one of those.. kinda kills my entire CI/CD process. :). I just LOVE those boys/girls and Let’s Encrypt.
      
      LikeLiked by 1 person
30

ferben on October 1, 2021 at 8:05 pm

The same on my site. Safari and curl has problem with site, but Firefox not.
Safari/curl on 2 intel iMacs (macOS 11.6 and 10.15.7) has problem and Safari/curl on the other Intel iMac (macOS 11.6) has no problem. It is really strange. I’ve tried Onyx for all possible caches cleanning, but no success.

LikeLiked by 1 person
- 31
  
  ferben on October 1, 2021 at 8:08 pm
  
  Only one solution is change settings for the server certificate in Keychain Access.app but in this case we throw away whole security mechanism.
  
  LikeLiked by 1 person
32

HandyMac on October 1, 2021 at 11:57 pm

Indeed. Just tried to open the web page (in Vivaldi, macOS 10.12 Sierra) of the local public library, got a warning instead: “This server could not prove that it is www[dot]santafelibrary[dot]org; its security certificate is from www[dot]weareinflux[dot]com. This may be caused by a misconfiguration or an attacker intercepting your connection.” Good to know why; thanks for the information. Guess I’ll have to do some studying to learn how to fix this. Anyway, in this case I will just proceed, as I’m pretty sure it’s the library, having been there many times before.

LikeLiked by 1 person
- 33
  
  hoakley on October 2, 2021 at 8:18 pm
  
  Thank you. I edited those URLs, as they lead not to the library, but to what appear to be dangerous websites. Safari was doing its job of warning you that you were heading into danger.
  Howard.
  
  LikeLike
  - 34
    
    HandyMac on October 2, 2021 at 8:27 pm
    
    Howard: Yes, sorry, I later realized the URL for the library was an old one; the current one works fine. So I haven’t run into any problem so far. You’re welcome to remove my comment if you’d like.
    
    LikeLiked by 1 person
    - 35
      
      hoakley on October 2, 2021 at 8:37 pm
      
      No problems – it’s an interesting lesson for others.
      Howard.
      
      LikeLike
36

josehill on October 2, 2021 at 5:20 am

It is interesting to note that in terms of business impact, these certificate expiration issues can be at least as disruptive and disorienting for some users as a persistent denial-of-service attack. It’s unfortunate that Apple and other providers don’t provide a more understandable and accessible means of updating certificates. Even for experienced IT support staff, certificate management can be a tricky, confusing subject.

LikeLiked by 2 people
- 37
  
  hoakley on October 2, 2021 at 8:21 pm
  
  Thank you.
  This is always a question of balance. Making it easy to update root certificates also makes it easy to have imposters installed, and would quickly be abused. The intention is that the user, even system administrator, shouldn’t have to manage certificates, and I’m still unsure exactly why that isn’t working here.
  Howard.
  
  LikeLike
38

josehill-real on October 2, 2021 at 5:27 am

Apologies for the multiple posts and “likes.” I just updated my Safari, and I ran into a strange WordPress login issue. Feel free to delete the repeat posts and this comment, of course. Sorry again. I appreciate the work that you do!

LikeLiked by 1 person
- 39
  
  hoakley on October 2, 2021 at 8:22 pm
  
  Thank you – no problems.
  Howard.
  
  LikeLike
40

Peter on October 2, 2021 at 7:45 am

I have the same problem, I did as this website told and it works . you may try

https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/

macOS, iOS etc#
Some operating systems hold onto the expired R3 > DST Root CA X3 chain even if your server is no longer using it. Try a restart of the affected client device.

For older macOS not updated by Apple:

Download http://x1.i.lencr.org/
Open the Keychain Access app and dragging that file into the System folder of that app.
then find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change “Use System Defaults” to “Always Trust”, then close that and enter your password to confirm the change (if prompted).

LikeLiked by 3 people
- 41
  
  Ano Nym on October 2, 2021 at 6:43 pm
  
  This works. OS X 10.11.6, newest Chrome version! Restarted the OS and Chrome.
  
  LikeLiked by 1 person
- 42
  
  hoakley on October 2, 2021 at 8:23 pm
  
  Thank you – added with due credit to both articles.
  Unfortunately, the suggestion to restart does absolutely nothing. It’s as if the old certificate has poisoned the cache/database.
  Howard.
  
  LikeLike
- 43
  
  MarioDiaz on October 4, 2021 at 2:03 pm
  
  Thanks a lot! It worked perfectly for me (OS X 10.11.6).
  
  LikeLiked by 1 person
44

Gord on October 2, 2021 at 3:02 pm

Starting yesterday, I can no longer reach eclecticlight.co using Safari on my El Capitan Mac. I don’t even get the option to bypass the warning that the site may be trying to steal my credentials etc.—I just get a full-page Safari error that “Safari can’t establish a secure connection to the server.”

LikeLiked by 1 person
- 45
  
  hoakley on October 2, 2021 at 8:33 pm
  
  I’m sorry to hear that. However, this site’s certificates are fine, and don’t steal anyone’s credentials. It sounds like your version of Safari is broken, I’m afraid.
  Howard.
  
  LikeLike
46

noname on October 2, 2021 at 3:39 pm

Any success copying the most recent root certificates from keychain access’ “system roots” to an older OS?

LikeLiked by 1 person
- 47
  
  hoakley on October 2, 2021 at 8:34 pm
  
  If you want to do that, it’s normally better to export the ones you want to transfer, and import them to the other keychain.
  Howard.
  
  LikeLike
48

LP on October 2, 2021 at 10:50 pm

Got the error trying to get to this article!

LikeLiked by 1 person
- 49
  
  hoakley on October 3, 2021 at 7:10 pm
  
  I’m sorry: that’s definitely something at your end that’s not right.
  Howard.
  
  LikeLike
50

Aaron Shepard on October 3, 2021 at 3:56 am

In my Keychain Access for High Sierra 10.13.6, I’m seeing the ISRG Root X1 certificate but not the X3, and I can access http://www.chimet.co.uk in Safari with no problem. Should I take that to mean that High Sierra updated the certificates properly.?

LikeLiked by 1 person
- 51
  
  hoakley on October 3, 2021 at 7:12 pm
  
  Yes: this shouldn’t affect more recent versions of macOS, which have the right Root certificate. However, they can still hit problems as I’ve explained.
  Howard.
  
  LikeLike
52

Dan Richardson on October 3, 2021 at 5:36 pm

The solution is right there in the Certify The Web page that you linked to. You may have to copy and paste the link into a new browser window. Clicking on it didn’t work for me.

“For older macOS not updated by Apple:

Download the ISRG Root X1 certificate file from http://x1.i.lencr.org/
Open the Keychain Access app and drag that file into the System folder of that app.
Find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change “Use System Defaults” to “Always Trust”, then close that and enter your password to confirm the change (if prompted).
“

LikeLiked by 1 person
- 53
  
  hoakley on October 3, 2021 at 7:25 pm
  
  Thank you. Unfortunately, I’m not sure which comment you’re replying to, as WordPress seems to have decided that it was to deep to go any further as a reply.
  Howard.
  
  LikeLike
- 54
  
  Al on October 6, 2021 at 3:05 pm
  
  I clicked on the x1 link that you indicated, went to ‘downloads’ and double clicked on the file that it downloaded which launched the keychain app, I then scrolled down to the indicated file and saw that it had a red x which indicated that it was not trusted. I double clicked on the file in keychain which brought up a box where I could change the ‘use system defaults’ to ‘always trust’ and it SOLVED THE PROBLEM. Whew! Nice job. I can stop shopping for a new laptop. (existing is 2012 MacBook)
  
  LikeLiked by 1 person
55

Bünzli on October 4, 2021 at 9:54 am

Hello. The “Download ISRG Root X1” solution does not work on a 10.14.6 (Mojave) with Safari 14.0 machine. Moreover how do you install this certificate on a iOS 15.0.1 device ?

I have this problem on three recent devices using same iCloud account. I hope there will be another solution soon…

LikeLiked by 1 person
- 56
  
  hoakley on October 4, 2021 at 5:50 pm
  
  I’m sorry to hear that.
  The Root certificate is already installed among the roots of all versions of macOS from around Sierra onwards, and in iOS of similar vintages. So there’s nothing you can do to correct this, I’m afraid.
  Howard.
  
  LikeLike
  - 57
    
    netstv on October 4, 2021 at 7:22 pm
    
    I fixed mine.. for anyone like me on the developer side… you need to make sure to pass in –preferred-chain “ISRG Root X1” to certbot.
    
    THEN if you are using nginx.conf or something similar make sure your cert points to the fullchain.pem and not the single.pem!!!!!
    
    LikeLiked by 1 person
  - 58
    
    Bünzli on October 4, 2021 at 7:45 pm
    
    Hello,
    I followed these instructions and now it works at least on my Mac:
    
    https://www.stephenwagner.com/2021/09/30/sophos-dst-root-ca-x3-expiration-problems-fix/
    
    Still have problems on my iPhone…
    
    LikeLiked by 1 person
59

Michael Tsai - Blog - Some Web Sites Will Stop Working With El Capitan and Older on October 4, 2021 at 6:54 pm

[…] Howard Oakley: […]

LikeLike
60

Bünzli on October 4, 2021 at 8:21 pm

SOLVED !!! The problem was on the server side, not on the client side. You have to ask that the server admin to use “fullchain.pem” and not “cert.pem” in configuration !!
I found the answer here: https://community.letsencrypt.org/t/r3-intermediate-certificate-has-expired/160797/16 in comment from “penguintopia”

Everything is now ok without adding any certificats (I removed them) on my recent Mac and iPhone.

Hope this helps !

LikeLiked by 1 person
61

JW on October 6, 2021 at 5:45 pm

On Mojave, I’m not seeing this issue with Safari, but I do see it with curl. I had to remove the cert manually from /etc/ssl/cert.pem (see https://stackoverflow.com/a/69413675)

LikeLiked by 1 person
- 62
  
  hoakley on October 6, 2021 at 9:30 pm
  
  Oh goodness – more collateral damage!
  Howard.
  
  LikeLike
63

Keith on October 8, 2021 at 10:33 pm

I read the earlier article about El Capitan that said this article would have advice on what to do to overcome this, but I see no practical solution? Help us!

LikeLiked by 2 people
- 64
  
  hoakley on October 8, 2021 at 10:36 pm
  
  Which version of macOS are you using?
  Have you read the comments describing how to download and install the new Root certificate?
  Howard
  
  LikeLiked by 1 person
65

mad Yuzi on October 11, 2021 at 5:20 pm

I still had this problem.my users that visited my sites previously now getting R3 cert expired page. But if I try access it using phone that never visited the sites,it works fine. So I agree with you it is a cert cache problem. But I had googled all over,there is no way to clear ssl cache on iPhone/ipad. Anyone got solution? My server already using fullchain.pem but still no luck.android/windows and fresh iOS work fine.only returning users on iOS got problem.

LikeLiked by 2 people
- 66
  
  hoakley on October 11, 2021 at 5:22 pm
  
  Can you provide a URL for me to check?
  Howard
  
  LikeLiked by 1 person
67

Peter Jensen on October 12, 2021 at 7:56 am

Greetings

Trying to find a solution I ended up at your site and this article.
I had clients with similar problems, and clients with backupsoftware from Backblaze that was having issues.

Backblaze provided this solution. Note that you could also use https://chimet.co.uk for fetching the ISRG ROOT X1 certificate.

I have succesfully tested it on 2 different environments, and it is working.

Open Safari.
Manually type https://api.backblaze.com, do not click the link
Click “Show Certificate” in the window that opens.
Select “ISRG Root X1 Certificate” from the hierarchical list. You must select the top level certificate.
Click the “Always Trust” checkbox.
Enter your user account password to grant access when prompted, NOT your Backblaze password.
Click on “Update Settings”
Open up Keychain Access, and select the “ISRG Root X1” certificate from the “login” list of certificates (it lists as “untrusted” at this point)
Right-clicked and export as a .pem file called “~/Documents/ISRG Root X1.pem” without the quotes
Run this command into your Terminal utility without the surrounding quotes: “sudo security -v add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Documents/ISRG\ Root\ X1.pem”

Sincerely
Peter

LikeLiked by 2 people
68

Jeremy Evans on October 15, 2021 at 12:58 pm

I have a 2009 17 inch Macbook Pro running 10.11.6 which I have owned from new. It works perfectly but I am now getting all these warnings on websites and sometimes no images on emails or websites. I get the feeling the most obvious solution may be to buy a new Macbook. Does that sound sensible?

LikeLiked by 1 person
- 69
  
  hoakley on October 15, 2021 at 1:01 pm
  
  If you can, as your Mac is over ten years old, I think that’s an excellent idea.
  Howard
  
  LikeLike
- 70
  
  Keith Volpe on October 15, 2021 at 2:34 pm
  
  I too have a perfectly good 2010 MacBook Pro that has been made obsolete by software OS updates! So, yes, it seems like Apple is pulling our plug and forcing us to upgrade too! My last ditch solution is adding an external hard drive (with FireWire of course!) and installing High Sierra 10.12+ Supposedly that’ll take care of the problem…until they push out yet another unneeded, unwanted, and unnecessary upgrade….can you say “planned obsolescence”?
  
  LikeLiked by 1 person
  - 71
    
    hoakley on October 15, 2021 at 3:36 pm
    
    It’s not Apple that’s forcing you, I’m afraid that it’s the march of technology. You can keep old Macs running until they drop, but tackling problems such as this, and security issues more generally, simply becomes too technically demanding unless you enjoy doing that sort of thing.
    Upstairs, I have a Mac IIfx, a Mac Portable, and an Xserve among many other old Macs. They were all wonderful for the time, but couldn’t cope with many modern websites, such as this one, and would be a security nightmare. Lovely for hobbyists, but simply not practical. And they couldn’t run any of today’s apps either.
    Howard.
    
    LikeLike
    - 72
      
      ellie123 on October 16, 2021 at 4:34 am
      
      FWIW, I use my personal laptop mostly for internet browsing and word processing. My 2013 Mac handled both of those quite well. I don’t really care about gaming or anything that might require much processing power.
      
      With the security update, I literally can’t access Wikipedia. It’s hit-or-miss as to which sites I can access that actually explain the problem. The only reason I am reading your site because it’s the top Google hit that will load.
      
      I get that it’s hard to support legacy software, but the economy is a mess right now, and many people don’t have the luxury of buying a new laptop. This isn’t a hobbyist problem – if anything, the hobbyists are people who have alternatives. I’m just grateful that this didn’t happen 18 months ago, when replacing my laptop might literally have killed me.
      
      Instead, the gods of cybersecurity have decided that I need to spend money on a laptop rather than fixing my car.
      
      LikeLiked by 1 person
    - 73
      
      hoakley on October 16, 2021 at 4:53 pm
      
      Thank you. I’m sorry that you’re forced to make this decision, but this isn’t just a question of legacy software support. Over the eight years since your Mac was made, a great deal has changed with the Internet, in security in particular.
      I had hoped that Apple might maintain Mojave as a special case, but sadly it hasn’t.
      Howard.
      
      LikeLike
74

v8 on December 18, 2021 at 4:01 am

I don’t know what’s the point of HTTPS when then each website nowadays asks for your PHONE NUMBER hows is that for muh “privacy”, idiotic.

LikeLiked by 1 person
- 75
  
  hoakley on December 18, 2021 at 3:06 pm
  
  Erm, I can’t think of a single website that does that. This one certainly doesn’t!
  Howard.
  
  LikeLike