Comment on page
Root Certificates

"Cannot reach server"
All macOS versions older than Catalina (10.15) are using a expired root certificate, which will cause secure connections to online servers to fail. That means activation and deactivation are not possible without removing the expired certificate first. 
This only affects older app versions, not current releases:
Hedge older than 21.2.3
FoolCat older than 21.2.2
Canister older than 21.2.9
​ Background information on the expiry of Let's Encrypts DST Root CA X3 by Let's Encrypt​
​
To remove the expired certificate, make sure to go through the following steps: 
This process may seem a bit overwhelming, but every single little step has been documented, so in practice, it is not so bad — you can do it 😁
​
1. Open Finder and choose "Go to Folder" in the "Go" menu (Shift-CMD-G):
2. Enter this path /etc/ssl/cert.pem and click Go
3. Before editing the cert.pem file, duplicate it  by right-clicking → Duplicate (Authenticate when prompted for your password):
4. In Finder, right-click on cert.pem → Open With → Other...
5. Select TextEdit to open the file:
6. Search for 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b (The ID of the expired certificate):
7. Remove everything from ### Digital Signature Trust Co. until -----END CERTIFICATE-----
It can be that the first 3 lines containing the description of the certificate are missing. In that case, remove everything from Certificate: until  -----END CERTIFICATE-----
8. Chose Duplicate when prompted on removing the expired certificate:
9. Close the file, and save as cert.pem in Documents:
10. Use .pem as extension
11. Move the duplicate cert.pem that you saved in Documents to /etc/ssl and Authenticate with your password when prompted.
12. Choose Replace when prompted:
13. Now, you can continue activating your Hedge, Foolcat, or Canister app 🎉
Last modified 2mo ago