pfsense dynamic DNS Client not working and how to solve it.

I have a pfSense box which has a Dynamic DNS client running. It worked fine until recently; in the log file there is an error message:

/services_dyndns_edit.php: Curl error occurred: SSL certificate problem: certificate has expired

The problem is related to the Let's Encrypt DST Root CA X3 expiration. It only causes problems for clients using old CAs; in this case, the curl used to update Dynamic DNS.

I think there are two methods that can solve it:
1: The website owner changes the Let's Encrypt certs to certs from another provider. After this, no client-side action is required.

2: If the website owner, as pfSense's dynamic DNS provider, does not change, the user can solve it by updating their client-side CAs as follows:

pfSense uses FreeBSD, and the path to the CA file is /usr/local/share/certs/ca-root-nss.crt. It should be replaced with the good CA file.

1: Go to https://curl.se/docs/caextract.html and download https://curl.se/ca/cacert.pem.
2: Back up the old ca-root-nss.crt file, then move cacert.pem to /usr/local/share/certs/ and rename it to ca-root-nss.crt.

After this, curl works fine and the problem vanished. I have no other systems to test this on, but it might give some hints for solving similar problems.

Thanked by 1karjaj
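
The backup-and-replace step described in the post, as an added example that is not part of the original post: a POSIX sh function that refuses a download that is not a PEM bundle (for instance a saved HTML error page) before it touches the trust store. The function names and the optional SHA-256 argument are assumptions; the file paths are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): replace a CA bundle safely.
# Function names are hypothetical; paths in the usage note come from the post.

# Portable SHA-256: FreeBSD/pfSense ships `sha256`, Linux ships `sha256sum`.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# install_ca_bundle NEW DEST [EXPECTED_SHA256]
# Returns 0 on success; non-zero (DEST left untouched) if NEW fails a check.
install_ca_bundle() {
    new=$1 dest=$2 expected=${3:-}

    # Reject empty files and HTML error pages saved under a .pem name:
    # a bundle has at least one BEGIN marker and as many END markers.
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$new") || begins=0
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$new") || ends=0
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "refusing $new: not a PEM certificate bundle" >&2
        return 1
    fi

    # Optional integrity check against a digest obtained separately,
    # e.g. the SHA-256 published alongside cacert.pem.
    if [ -n "$expected" ] && [ "$(file_sha256 "$new")" != "$expected" ]; then
        echo "refusing $new: SHA-256 mismatch" >&2
        return 2
    fi

    # Back up the old file with a timestamp, then swap the new one in.
    # Staging in the same directory makes the final mv an atomic rename.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)" || return 3
    fi
    cp "$new" "$dest.tmp.$$" && chmod 644 "$dest.tmp.$$" && mv "$dest.tmp.$$" "$dest"
}

# Usage on the pfSense box, after downloading cacert.pem as in step 1:
#   install_ca_bundle ./cacert.pem /usr/local/share/certs/ca-root-nss.crt
```

The timestamped backup makes it possible to restore the previous bundle by copying the `.bak.*` file back over ca-root-nss.crt.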