# The expired leapseconds file is still a thing?  why?



## johnblue (Jun 20, 2019)

Solved - Leapseconds file expired
					

Hello all, running FreeBSD 10.3 with ntpd enabled through rc.conf with these lines ntpd_enable="YES" ntpd_sync_on_start="YES" I started receiving this message at startup ntpd[655]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): expired less than 17 days ago I take a look at my...




					forums.freebsd.org
				




I did what was recommended in the thread and install security/ca_root_nss followed by `service ntpd fetch` and it started working:


```
ntpd[830]: ntpd 4.2.8p12-a (1): Starting
ntpd[831]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
ntpd[831]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2017-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
ntpd[831]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): expired less than 540 days ago
pkg-static[1310]: ca_root_nss-3.44 installed
ntpd[831]: ntpd exiting on signal 15 (Terminated)
ntpd[1376]: ntpd 4.2.8p12-a (1): Starting
ntpd[1377]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): good hash signature
ntpd[1377]: leapsecond file ('/var/db/ntpd.leap-seconds.list'): loaded, expire=2019-12-28T00:00:00Z last=2017-01-01T00:00:00Z ofs=37
```

It may be because I have not really been paying attention but I sure do not remember having these type of issues with ntpd out of the box.


----------



## SirDice (Jun 20, 2019)

Lots of ports/packages depend on the security/ca_root_nss package, so it's often already installed and you may not have noticed it getting pulled in as a dependency.

Having it part of the base is going to pose some update problems, on each updated certificate store a new patch release would need to be released. With a port or package this is easier to maintain and update.


----------



## johnblue (Jun 28, 2019)

[QUOTE="SirDice].. it's often already installed and you may not have noticed it getting pulled in as a dependency.[/QUOTE]That makes sense because this was a bare metal install and I decided to poke on internal systems first.


----------

