Bug #12589 (closed): Dynamic DNS updates do not respect certificate authority trust store
Description
I use a "Custom" DDNS service to register my dynamic home IP address as a subdomain of my dedicated server domain (static IP address). I administer both ends of the DDNS system.
I created a local pfSense CA and then used it to sign a certificate that I then installed on my web server. The Trust Store option (Add this Certificate Authority to the Operating System Trust Store) in the pfSense CA entry is checked (yes). However, the DDNS update returns an error: "rc.dyndns.update: Curl error occurred: SSL certificate problem: unable to get local issuer certificate"
Investigating, I found my custom CA was added to the Trust Store (in /etc/ssl/certs/b1f33eb6.0), but curl-config --ca points elsewhere: /usr/local/share/certs/ca-root-nss.crt
I have a workaround by setting CURLOPT_CAPATH:
--- dyndns.class.old 2021-05-28 04:35:21.000000000 -0700
+++ dyndns.class 2021-12-13 15:01:34.967570000 -0800
@@ -946,6 +946,7 @@
}
if ($this->_curlSslVerifypeer) {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
+ curl_setopt($ch, CURLOPT_CAPATH, "/etc/ssl/certs/");
} else {
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
}
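Review bot: the added curl_setopt line hardcodes /etc/ssl/certs/ as a literal; the path should come from the same place the Trust Store option installs the CA, and the change should say whether curl's compiled-in bundle (/usr/local/share/certs/ca-root-nss.crt, per curl-config --ca above) is still consulted alongside the directory, since DDNS providers with publicly issued certificates depend on it. CURLOPT_CAPATH also only works on a directory kept in OpenSSL's hashed layout (the b1f33eb6.0 name shows /etc/ssl/certs currently is), so the fix relies on that directory being rehashed whenever a CA is added or removed. If the intent is "OS trust store plus the default bundle", set CURLOPT_CAINFO to the bundle explicitly next to the CURLOPT_CAPATH call rather than depending on defaults.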
However, I am not sure this workaround is a true fix, since I think this option completely changes the search path (rather than appending).
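The trust-source mismatch described above, reproduced with the openssl CLI as an added example that is not part of the bug report or of pfSense's code. openssl verify stands in for libcurl's OpenSSL backend, which consults the same two kinds of source: a CA bundle file (CURLOPT_CAINFO, here a constructed stand-in for ca-root-nss.crt) and a hashed CA directory (CURLOPT_CAPATH, built here with the same <subject_hash>.0 naming as /etc/ssl/certs/b1f33eb6.0). The CA names and the hostname ddns.home.example are constructed; the example goes one step beyond the report by also checking the combined file-plus-directory case, which verifies against both public and private issuers.

```shell
#!/bin/sh
# Added example (not from the bug report or pfSense): reproduce "unable to get
# local issuer certificate" for a server cert issued by a private CA, then show
# which trust sources let OpenSSL verify it. Names and CAs are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Make a self-signed CA certificate (-x509) in $WORK/$1.crt with the given CN.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}
make_ca home   "Constructed Home CA"       # stands in for the pfSense CA
make_ca public "Constructed Public Root"   # stands in for ca-root-nss.crt

# Server certificate for the DDNS web server, signed by the home CA only.
openssl req -newkey rsa:2048 -nodes -subj "/CN=ddns.home.example" \
  -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/home.crt" -CAkey "$WORK/home.key" \
  -CAcreateserial -days 1 -out "$WORK/srv.crt" 2>/dev/null

# Hashed CA directory as CApath lookups expect: <subject_hash>.0, the layout
# behind the /etc/ssl/certs/b1f33eb6.0 file named in the report.
mkdir "$WORK/certs"
cp "$WORK/home.crt" "$WORK/certs/$(openssl x509 -in "$WORK/home.crt" -noout -subject_hash).0"

# Verify srv.crt using ONLY the trust sources passed as arguments
# (-no-CAfile/-no-CApath keep the system defaults out of the picture).
verify_with() {
  if openssl verify -no-CAfile -no-CApath "$@" "$WORK/srv.crt" >/dev/null 2>&1; then
    echo verified
  else
    echo rejected
  fi
}
bundle_only()       { verify_with -CAfile "$WORK/public.crt"; }
capath_only()       { verify_with -CApath "$WORK/certs"; }
bundle_and_capath() { verify_with -CAfile "$WORK/public.crt" -CApath "$WORK/certs"; }

# The reason OpenSSL reports for the bundle-only case (the text curl relayed).
bundle_only_reason() {
  openssl verify -no-CAfile -no-CApath -CAfile "$WORK/public.crt" "$WORK/srv.crt" 2>&1 \
    | grep -o 'unable to get local issuer certificate' | head -n 1
}

printf 'public bundle only:  %s (%s)\n' "$(bundle_only)" "$(bundle_only_reason)"
printf 'hashed CApath only:  %s\n' "$(capath_only)"
printf 'bundle + CApath:     %s\n' "$(bundle_and_capath)"
```

Only the bundle-only case reproduces the reported error; the directory alone trusts the home CA but nothing public, and supplying both sources is the configuration that verifies either kind of issuer.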