chef-acme

Can't get certificates from private ACME server

Open feld opened this issue 5 months ago • 2 comments

When running chef-client on FreeBSD, if I attempt to get a certificate from a private ACME server it will always fail as the certificate verification fails. The root CA has already been trusted system-wide on FreeBSD, but the HTTP client (Faraday?) does not use the OS's trust store it seems?

I can get around it by editing libraries/acme.rb to not verify certificates when talking to the ACME server which is not the worst thing, but it works for now.

-  @client = Acme::Client.new(private_key: private_key, directory: directory)
+  @client = Acme::Client.new(private_key: private_key, directory: directory, connection_options: { ssl: { verify: false } })
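Review bot: `ssl: { verify: false }` on the `+` line turns off certificate verification for every request this client makes to the ACME directory, so the run would accept any certificate presented in place of the private ACME server's. Keep verification on and give the connection the private root instead. Faraday's `ssl` options accept `ca_file` and `ca_path`, so `connection_options: { ssl: { ca_file: <path to the private root CA> } }` fits the same argument. Alternatively, set the `SSL_CERT_FILE` environment variable that OpenSSL honours for the chef-client run. A comment beside the option saying why it is there would also help whoever reads libraries/acme.rb next.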

feld, Sep 13 '24 17:09
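A diagnostic for the trust-store question raised above, added here as an example and not taken from chef-acme or from the issue author. It reports where this Ruby's OpenSSL looks for roots by default, then shows that a leaf issued by a private root verifies only when that root is in the store. The CA, the leaf and the host name `acme.internal.example` are constructed test data.

```ruby
require "openssl"

# Where this Ruby's OpenSSL looks for trusted roots when no CA is configured.
def trust_locations
  { file: ENV["SSL_CERT_FILE"] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir:  ENV["SSL_CERT_DIR"]  || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Build a certificate from constructed test data; self-signed when no issuer is given.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a leaf issued by a constructed private root against two trust stores.
def compare_stores
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Constructed Private Root", ca_key, ca: true)
  leaf = make_cert("/CN=acme.internal.example", OpenSSL::PKey::RSA.new(2048),
                   issuer_cert: ca, issuer_key: ca_key)

  defaults = OpenSSL::X509::Store.new
  defaults.set_default_paths          # no explicit CA: only the default locations
  with_root = OpenSSL::X509::Store.new
  with_root.add_cert(ca)              # private root supplied explicitly

  { defaults: defaults.verify(leaf), defaults_error: defaults.error_string,
    with_root: with_root.verify(leaf) }
end

if $PROGRAM_NAME == __FILE__
  p trust_locations
  p compare_stores
end
```

Run it with the same Ruby that chef-client uses. If the reported file or directory is not where the private root was installed, that interpreter's default verification will not see it.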