Just a heads up on a problem that will affect you if you’re using macOS prior to 10.12.1.
This article sums it up:
- our website uses SSL for security, we use a common certificate called “Let’s Encrypt”
- Sparkle connects to our website during publishing for some server side processing
- today a 10 year old “root” certificate used by Let’s Encrypt expired
- the root certificate in question is used by browsers to trust website certificate like ours
- the root certificate is part of macOS and can only be replaced by Apple
- since Sparkle uses system functionality to connect to our website, the security can’t be established
- the root certificate in question was used up to 5 years ago, say iOS 10, macOS 10.11, Android 4, Let’s Encrypt is so popular that it’s likely half the web will break for those devices
- a newer certificate was used in macOS starting with 10.12.2, if you’re using an older system you are affected, and we can’t fix the system for you
This is very urgent for us to fix, but will likely require a few days to address. If you require an immediate fix unfortunately we can only suggest upgrading your macOS to at least 10.12.
There are other workarounds mentioned in references linked from the article above, namely:
I managed a workaround by going to the [IdentTrust DST Root CA X3] certificate, right-clicking and selecting Get Info. In the pop up, I expanded Trust settings and set the top drop down to “Always Trust”. I then restarted my browser and was able to access a site previously blocked by the expiry.
But this is technical in nature.
We’ll let everybody know as soon as we have a workaround for this.