When I run the acme-client delivered with the ports tree of FreeBSD 11.0 (acme-client-0.1.15_1) I get an error in the handshake with the letsencrypt server (2a02:26f0:7b:48f::3d5).
I have libressl (libressl-2.4.5) installed and added
DEFAULT_VERSIONS+=ssl=libressl
to /etc/make.conf. I installed acme-client after installing libressl.
This is the output when I add the -vv parameter:
acme-client: /usr/local/etc/acme/privkey.pem: account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/pma.lxs.biz.pem: domain key exists (not creating)
acme-client: /usr/local/etc/acme/privkey.pem: loaded RSA account key
acme-client: /usr/local/etc/ssl/acme/private/pma.lxs.biz.pem: loaded RSA domain key
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:7b:48f::3d5
acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:7b:48e::3d5
acme-client: acme-v01.api.letsencrypt.org: DNS: 23.62.131.169
acme-client: 2a02:26f0:7b:48f::3d5: tls_write: handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
acme-client: 2a02:26f0:7b:48f::3d5: tls_read: handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
acme-client: bad exit: netproc(60565): 1
After a night of searching for solutions I did find people with similar problems, but with different software and solutions that did not apply or work for me. Am I right to assume that the problem lies with libressl? How can I test this, or better, solve this problem?
DST Root CA X3
as specified in the offered chain, or Identrust Commercial Root 1
assuming libre supports bypassing the chain to the truststore as Open added in 1.0.1, IIRC pre-fork. I don't know what libre (either upstream or in FreeBSD) does for default truststore. (Open upstream doesn't do any, leaving it up to packagers and installers.) If so add one of them.
security/ca_root_nss port ?
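Decoding the error code in the -vv output from the question shows where the handshake failed: the client rejected the server's certificate chain during verification, which is where a missing root in the trust store shows up. This is an added example, not part of the original thread; it assumes the OpenSSL 1.0.x / LibreSSL error-code packing (8-bit library, 12-bit function, 12-bit reason), and the function and variable names are hypothetical.

```python
import re

# Lines copied from the -vv output in the question (not new data).
SAMPLE_LOG = """\
acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:7b:48f::3d5
acme-client: 2a02:26f0:7b:48f::3d5: tls_write: handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
acme-client: 2a02:26f0:7b:48f::3d5: tls_read: handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
acme-client: https://acme-v01.api.letsencrypt.org/directory: bad comm
"""

# Values from the OpenSSL 1.0.x / LibreSSL headers.
ERR_LIB_SSL = 20                         # library number of "SSL routines"
SSL_R_CERTIFICATE_VERIFY_FAILED = 134    # reason "certificate verify failed"

# The peer is matched lazily because an IPv6 address contains colons itself.
TLS_ERROR = re.compile(
    r"^acme-client: (?P<peer>.+?): (?P<op>tls_\w+): [^:]+: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib_name>[^:]*):"
    r"(?P<func_name>[^:]*):(?P<reason_text>.*)$",
    re.MULTILINE,
)


def unpack_error(code):
    """Split a packed error code into (library, function, reason) numbers."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def diagnose(log):
    """Return one finding per TLS error line in acme-client -vv output."""
    findings = []
    for m in TLS_ERROR.finditer(log):
        lib, func, reason = unpack_error(int(m.group("code"), 16))
        findings.append({
            "peer": m.group("peer"),
            "op": m.group("op"),
            "lib": lib,
            "func": func,
            "reason": reason,
            # True when the client itself refused the chain the server sent,
            # as opposed to a connection or protocol-version failure.
            "chain_rejected": lib == ERR_LIB_SSL
            and reason == SSL_R_CERTIFICATE_VERIFY_FAILED,
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
```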