security/ca_root_nss missing Let's Encrypt X3 certificate

Lorenzo Salvadore phascolarctos at
Tue Mar 26 15:10:25 UTC 2019

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday 26 March 2019 14:45, Andrea Venturoli <ml at> wrote:

> On 3/26/19 11:58 AM, Yasuhiro KIMURA wrote:
> > What server application you use?
> I use Let's Encrypt certificates in Apache's HTTPd, sendmail,
> cyrus-imap, etc...
> However, this is not relevant here: I'm talking about FreeBSD as a
> client and not necessarily connecting to "my" servers.
> > Let's Encrypt Authority X3 is signed by DST Root CA X3.
> Ok.
> > And DST Root CA X3 is included in security/ca_root_nss.
> Right again: I did not notice this.
> > So if you configured server application
> > properly it should be able to use server sertificates issued by Let's
> > Encrypt.
> Again, it's not a server problem, but rather a client program.
> It works now, even if I didn't change anything!!!
> I don't know what happened really... several sites were not working, but
> they are reachable again.
> Thanks anyway and sorry for the noise!
> bye
> av.

I sometimes experienced similar strange behaviors with certificates.
I do not know very well how certificates work, but I think time is a factor
and if responses arrive too late the certificate is not correctly recognized
(please, be patient if I'm wrong, my knowledge on the topic is vague).

I notice that we are both from Italy: I wonder if the problem is that our
connections sometimes are too slow to have certificates work correctly.

Lorenzo Salvadore.

More information about the freebsd-questions mailing list