# Jail fails to locally verify Let's Encrypt certs



## stratacast1 (Aug 1, 2017)

I am using jails on my FreeBSD system which I just did an upgrade from FreeBSD-11.0 to 11.1 on, and built py3-iocage 0.99 from the ports tree then fetched the 11.1 image. I'm trying to use wget to get packages (also tried fetch) and I found that any website using Let's Encrypt as their issuer cannot be verified by the jail. I tested wget on the host machine but it does not have this issue, any thoughts to get this to work?


----------



## SirDice (Aug 1, 2017)

Make sure security/ca_root_nss is installed and is up to date. It contains all the root CA certificates.


----------



## stratacast1 (Aug 3, 2017)

That was it haha, I'm going to remember that one  thank you!


----------

