Hosting distfiles on HTTPS w/Let's Encrypt - how?

Marcin Cieslak saper at
Thu Jun 1 00:01:00 UTC 2017


I have posted my port's local distfiles to a machine
that is serving them with SSL behind the Let's Encrypt
certificate ( This is SSL-only.

However, poudriere fails on certificate check when trying
to fetch it:

=======================<phase: check-sanity   >============================
===>  License EPL accepted by the user
=======================<phase: pkg-depends    >============================
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===>   Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===>   Returning to build of ksh93-20160716
=======================<phase: fetch-depends  >============================
=======================<phase: fetch          >============================
===>  License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1264:
fetch: Authentication error
=> Attempting to fetch
fetch: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1

What is the best solution here?

so I really have to add security/ca_root_nss (... and perl)
as a fetch dependency? Any other solution?

A quick look at shows that we have some https-only distfile

Marcin Cieślak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3663 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the freebsd-ports mailing list