Date: Tue, 26 Mar 2019 11:16:51 +0100 From: Andrea Venturoli <ml@netfence.it> To: freebsd-questions@freebsd.org Subject: security/ca_root_nss missing Let's Encrypt X3 certificate Message-ID: <d81ae160-44c1-693d-f97b-abb1830b0c48@netfence.it>
next in thread | raw e-mail | index | archive | help
Hello. I'm having trouble connecting (e.g. with fetch) to TLS servers which are using a Let's Encrypt certificate. The exact message depends on the client I use, but it goes along this line: >Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) >SSL Certficate error: certificate issuer (CA) not known: > /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 Of course adding that specific certificate to /usr/local/etc/ssl/cert.pem is enough to solve. However, Let's encrypt seems to be widely accepted, so I was suprised not to find it in security/ca_root_nss. Also, some page on the Internet [1] suggests the certifiate should be there. [1] > https://www.linuxadminqa.com/freebsd-wget-can-not-confirm-certificates-issued-by-lets-encrypt/ Am I doing something wrong or is this certificate really missing? If so, why? Isn't it worth adding it? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d81ae160-44c1-693d-f97b-abb1830b0c48>