If your RoundPie desktop app stopped working this morning, you may wonder why. The version from the Mac App Store has the same issue. You try to log in, and you see
Login failed try again...
It worked fine until now, nothing has changed on your computer. And strange enough, you can log in to the RoundPie web app in Firefox without a problem! All right, you are almost sorted, no more need to troubleshoot or reinstall the app, no reason to delete it, or your settings in ~/Library/Application Support/RoundPieApp.
RoundPie is perfectly fine, the system needs a quick help
Of course, I always recommend updating your operating system and device with at least, the latest security updates. But sometimes the hardware is more than 5 or 6 years old, still in great condition, performing well for your needs. And it may not support the latest version of the system.
The problem is caused by a root certificate that expired on 30 September 2021. Like Scott Helme detailed in his blog, This will not be the first time a root CA certificate has expired, and I imagine it will follow the same trend as previous expirations where things break. If the root certificate that your certificate chain anchors on is expired, then there's a good chance it's going to cause things to fail.” Even Let’s Encrypt cannot do anything about it. Let’s Encrypt is the organization that provides millions of security certificates for free, to allow us to run websites and applications under HTTPS.
Who is affected
Some iPhones would have the issue with iOS 9 or older. Potentially, the platforms that did not receive a certificate that would replace the expired one.
- macOS < 10.12.1
- iOS < 10
- Mozilla Firefox < 50
- Ubuntu >= precise / 12.04 and < xenial / 16.04
- Debian >= squeeze / 6 and < jessie /8
and some and known incompatible - Android < v2.3.6 - Windows XP prior to SP3
Let’s Encrypt has the full list here https://letsencrypt.org/docs/certificate-compatibility/
How to fix it
You may find a few solutions and quick fixes on the web. In my opinion, the safest one is to add the new valid certificate in Mac OS:
- With Firefox, download the ISRG Root X1 https://letsencrypt.org/certs/isrgrootx1.der
- With another browser, you will have a similar security issue, because browsers trust the root certificates of the system, except Firefox who has its own root store;
- If you do not have Firefox (what? seriously? ;-), you may need Firefox version 78 ESR (for Extended Support Release) to be compatible with your system. You can download it from here
- Open the Keychain Access application, drag and drop the certificate file on the System folder (in the left sidebar), and type your administrator credentials when requested,
- On the same sidebar, select the folder System,
- on the top right, use the Search box for "ISRG", and select Get info (or double click the name),
- in the certificate popup window, expand the arrow Trust and on the first line When using this certificate: in the dropdown menu, select the option Always Trust,
- Save and close the certificate window, and type your administrator credentials when requested.
That’s it!
Now re-open your RoundPie app, and you should log in again without any issue. Well, at least until June 2035, when this root certificate expired!
Thank you, Alex, with the RoundPie App team, for your help troubleshooting this issue. And for the suggestion to create a blog post to help other users.
Please read my blog post, with a more general angle about this expired Root certificate.
About the author:
Hervé Boinnard is an entrepreneur, a website builder, and integrator, web designer, and developer with his business Puma-IT. He specializes in eCommerce Solutions and Multilingual Websites with Joomla. Passionate about Free/Libre Open Source Software and community, he created a lot of bilingual websites, and some only with the Irish language. He maintains the Irish language pack for Joomla and contributes as a volunteer to this project since 2009.
What would you like to know and what would be the best way to share this information with you? What are the best tips & tricks, what workaround do you use? We'd really appreciate your insight on these ones to make our integrations better, more productive, and much more efficient. Comments, tweets are always welcome.