pfsense dynamic DNS Client not working and how to solve it.

I have a pfSense box running a Dynamic DNS client. It worked fine until recently; now the log file shows this error message:

/services_dyndns_edit.php: Curl error occurred: SSL certificate problem: certificate has expired

The problem is related to the Let's Encrypt DST Root CA X3 expiration. It only causes problems for clients using old CAs, in this case the curl used to update Dynamic DNS.

I think there are two methods that can solve it:
1: The website owner changes from Let's Encrypt certs to certs from another provider; after this, no client-side action is required.

2: If the website owner, as pfSense's dynamic DNS provider, does not change, the user can solve it by updating their client-side CAs as follows:

pfSense uses FreeBSD; the path to the CA file is /usr/local/share/certs/ca-root-nss.crt, and it should be replaced with a good CA file.

1: Go to https://curl.se/docs/caextract.html and download https://curl.se/ca/cacert.pem.
2: Back up the old ca-root-nss.crt file, then move cacert.pem to /usr/local/share/certs/ and rename it to ca-root-nss.crt.

After this, curl works fine and the problem vanished. I have no other systems to test this, but it might give some hints to solve similar problems.

Thanked by 1karjaj
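
The replacement in steps 1 and 2 above, as an added shell example that is not part of the original post: it refuses to install the downloaded bundle unless its SHA-256 matches a digest obtained separately (the caextract page lists one for each cacert.pem), keeps a timestamped backup, and swaps the file in with a rename. The function names and the backup file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Usage:
#   install_ca_bundle NEW_BUNDLE EXPECTED_SHA256 TARGET
# e.g. TARGET=/usr/local/share/certs/ca-root-nss.crt on pfSense/FreeBSD.

file_sha256() {
    # FreeBSD ships sha256(1); Linux ships sha256sum(1).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

install_ca_bundle() {
    new=$1; want=$2; target=$3
    [ -s "$new" ] || { echo "missing or empty: $new" >&2; return 1; }

    # 1. Integrity: the trust store decides which servers curl believes,
    #    so compare the file with a digest fetched over a separate channel.
    got=$(file_sha256 "$new") || return 1
    [ "$got" = "$want" ] || { echo "SHA-256 mismatch, not installing" >&2; return 2; }

    # 2. Sanity: a truncated download or an HTML error page is not a bundle.
    begin=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$new" || true)
    end=$(grep -c -e '^-----END CERTIFICATE-----' "$new" || true)
    if [ "$begin" -eq 0 ] || [ "$begin" -ne "$end" ]; then
        echo "not a well-formed PEM bundle" >&2; return 3
    fi

    # 3. Backup: timestamped, so a second run never overwrites the original.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)" || return 4
    fi

    # 4. Replace: copy beside the target, then rename, so readers never
    #    see a half-written bundle.
    tmp="$target.new.$$"
    if cp "$new" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        echo "installed $begin certificates into $target"
    else
        rm -f "$tmp"; return 4
    fi
}
```

A later pfSense or package upgrade can overwrite ca-root-nss.crt again, so the timestamped backup doubles as a record of what was changed by hand.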