by satellite2 1684 days ago
They are not even shipping root certificates in El Capitan (OS from 5 years ago) and there is no way to update them safely without another computer. This is arguably the most important aspect of the trust ecosystem and there is no way to browse safely without those.
3 comments

Why don’t you consider downloading isrgrootx1.der from its official source[1] and adding it to Keychain Access to be safe?

It’s what I did on my machine running OS X 10.9. No second computer required.

1: https://letsencrypt.org/certificates/

Yes, that's how you solve it. But you need the updated certificate to view this website without warning, thus the need for another computer.
> But you need the updated certificate to view this website without warning

I didn’t. IIRC they did some whacky thing on their own site such that it still worked in Chromium.

Doesn't Chromium use its own CA store, or is that different on the OS X version?
Chromium uses its own HTTPS implementation but does not currently use its own CA store. If it did, adding the aforementioned certificate would not have fixed all of the “Your Connection Is Not Private” errors I was encountering previously. :)
They would presumably use both.
Maybe with curl/wget?
Both of which will also need a certificate store
Use the -k switch on curl to skip certificate verification.

Use a phone, or a phone call to a trusted friend, to verify the signature of the certificate.

Obviously not instructions you can give to an ordinary user, but that line was crossed at curl.

This caught out a family member. Until you said that I thought it was user error. Gone are the days of recommending Apple because 'it just works'.
To be fair El Capitan has been replaced by Sierra which is compatible with machines that are more than 10 years old.
AFAIK the youngest machine stuck on El Capitan (released 6 years ago, not 5) is a MacBook Air released 11 years and one month ago. Anything newer is at least on High Sierra (released 4 years ago).
Does Apple not charge for OS upgrades anymore?
The last paid version was OS X Mountain Lion (10.8, released 2012).
All I know is that they followed the default and ended up being unable to even open the app store to update their OS. Whatever OS support is available for whatever hardware, Apple effectively orphaned that machine.
I recently updated an old MacbookPro6,2 from Yosemite to High Sierra and that was a complete disaster. Took me a huge amount of time.

I think there were two problems: the upgrade could not handle the way the disk was partitioned (or something else). Everything I tried kept failing until I removed the disk, and completely wiped it. Discussions I found online were not helpful.

The other part is the magic you need to download High Sierra on a newer Macbook. It is not as if you can just go to the Apple store and download it.

That said, I have been using Macbooks for work for the last 10 years or so. They always get upgraded a couple of times during their lifetimes. Usually not a big problem. So I was quite surprised how bad it went.

High Sierra introduced APFS, so I'm not surprised you might have had formatting issues. Still, I wonder how common multiple partitions really are - among nerds, sure - in the broader userbase.
I needed to upgrade my Mom's MacBook (a 2017, bad keyboard and all) to Catalina to make sure she could still get updates for Office 2016.

This has since been replaced by an M1 Air and Office 2021, but the migration was easier this way. Old versions of macOS are listed at this URL, which is how I got a link for the latest 10.15 installer.

https://support.apple.com/en-us/HT211683

Which part of upgrading macOS to a supported version is not working?
The bit where Apple's OS tries to connect to Apple's update servers, and can't authenticate because Apple switched to an incompatible root CA.
Ah yeah, I've recently received for free an iMac running macOS 10.9. It's simply impossible to upgrade; the only proposed upgrade release is 10.11, the installation starts then fails in a loop. Fortunately I don't actually need to save anything from this machine, and I have another Mac to download a newer OS installer, but that's quite painful.
If it's a 2007/2008 model iMac then it will be able to run 10.11 (El Capitan). If it's a Late 2009 iMac or newer then it will be able to run at least 10.13 (High Sierra).

If the default/upgrade installation is failing then I'd try creating a bootable installer on USB [1]. If it still fails then try erasing the target drive first to do a clean install (you can do this by running Disk Utility from within the installer).

[1] Instructions here: https://support.apple.com/HT201372

It's a 2014 model, it can definitely run macOS 11. But as it has been unused for the past few years, it hasn't been upgraded and it's quite funny how utterly unusable it became: very few websites work at all (certificates problem), it's impossible to install any current application because even Firefox LTS requires 10.13 or so, and it's impossible to upgrade without using another Mac to download the update tool. That's not very user-friendly if you ask me :)
I did this exact thing for a client last week. No need for another computer; I just downloaded the installer from the App Store and ran it as normal. Maybe they have tweaked things.