Symptoms

When you go to https://stagehand.app, you see a Not Secure message beside the address bar and/or a "Your connection is not private" page. You might see a similar error to other websites that you go to like Wikipedia.


Cause

Most web browsers (Safari, Edge, Chrome) use the certificate root trust store from the operating system to validate SSL certificates for pages that the user visits. Stagehand's web site as well as a number of other popular websites (e.g. Wikipedia) uses Let's Encrypt SSL certificates for secure communication between your browser and Stagehand. These certificates use a root certificate that was introduced in 2015 and requires your computer/mobile device to be at a version that includes the ISRG Root X1 certificate in its Trusted Root Certification Authorities.


Let's Encrypt has a certificate compatibility list that indicates what platforms trust the ISRG Root X1 certificate. Here is requirements for major platforms:

  • macOS >= 10.12.1
  • iOS >= 10
  • Windows >= XP SP3
  • Mozilla Firefox >= 50.0

Recommended Solution

  • Update your computer/mobile device's operating system to something more recent. This should be the preferred option as device with an older OS may not be receiving security updates from the vendor and a target for malicious attacks. If you have a Mac and need help with this, visit the Genius Bar at your nearest Apple Store.

Other Possible Solutions

If for some reason, you cannot upgrade your operating system to a newer version. You can try one of these options but will not be able to support your specific system.


  • Install and use the latest version of Mozilla Firefox browser. It has its own built-in root certificate store rather than using the operating system's version.
  • Manually install the ISRG Root X1 certificate into your device's trusted root certificates. This can vary per platform but for Mac OS, you can try:
    1. Downloading the ISRG Root X1 certificate from Let's Encrypt at https://letsencrypt.org/certs/isrgrootx1.der.
    2. Open the Keychain Access app and drag that file into the System folder of that app.
    3. Find the ISRG Root X1 certificate in System and double click on it. Open the Trust menu and change "Use System Defaults" to "Always Trust". Then close and if prompted, enter your password to confirm the change.