Hosting distfiles on HTTPS w/Let's Encrypt - how?

Jov zhao6014 at
Thu Jun 1 01:25:33 UTC 2017

can you dowload the file distfiles/INIT.2014-12-24.tgz
<> using
browser such as chrome?

be sure to use full chain cert file,I rember I had similar problem and use
full chain cert fixed.

2017年6月1日 8:01 AM,"Marcin Cieslak" <saper at>写道:


I have posted my port's local distfiles to a machine
that is serving them with SSL behind the Let's Encrypt
certificate ( This is SSL-only.

However, poudriere fails on certificate check when trying
to fetch it:

=======================<phase: check-sanity   >============================
===>  License EPL accepted by the user
=======================<phase: pkg-depends    >============================
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - not found
===>   Installing existing package /packages/All/pkg-1.10.1.txz
[ksh-test-amd64-exp-job-01] Installing pkg-1.10.1...
[ksh-test-amd64-exp-job-01] Extracting pkg-1.10.1: .......... done
===>   ksh93-20160716 depends on file: /usr/local/sbin/pkg - found
===>   Returning to build of ksh93-20160716
=======================<phase: fetch-depends  >============================
=======================<phase: fetch          >============================
===>  License EPL accepted by the user
=> INIT.2014-12-24.tgz doesn't seem to exist in /portdistfiles/ksh93.
=> Attempting to fetch
Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt
Authority X3
34374329736:error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed:/usr/src/secure/lib/libssl/../../../crypto/
Authentication error
=> Attempting to fetch
2014-12-24.tgz: Not Found
=> Couldn't fetch it - please try to retrieve this
=> port manually into /portdistfiles/ksh93 and try again.
*** Error code 1

What is the best solution here?

so I really have to add security/ca_root_nss (... and perl)
as a fetch dependency? Any other solution?

A quick look at shows that we have some https-only distfile

Marcin Cieślak

More information about the freebsd-ports mailing list