security/ca_root_nss missing Let's Encrypt X3 certificate

Andrea Venturoli ml at
Tue Mar 26 13:45:42 UTC 2019

On 3/26/19 11:58 AM, Yasuhiro KIMURA wrote:

> What server application do you use?

I use Let's Encrypt certificates in Apache's HTTPd, sendmail, 
cyrus-imap, etc...
However, this is not relevant here: I'm talking about FreeBSD as a 
client and not necessarily connecting to "my" servers.

> Let's Encrypt Authority X3 is signed by DST Root CA X3.


> And DST Root CA X3 is included in security/ca_root_nss.

Right again: I did not notice this.

> So if you configured server application
> properly it should be able to use server certificates issued by Let's
> Encrypt.

Again, it's not a server problem, but rather a client program.

It works now, even if I didn't change anything!!!
I don't know what happened really... several sites were not working, but 
they are reachable again.

Thanks anyway and sorry for the noise!


