Upgrade to 14.3 deleted certificates in /etc/ssl/certs

[von_Gaden]

Hi,

Soon after FreeBSD 14.3-RELEASE was officially launched I've upgraded one of my servers (running 14.2-RELEASE) via freebsd-update. I've noticed that all public keys stored by me in /etc/ssl/certs had vanished.
Today I hit the same issue with another server.
Is this a bug or I've missed something in the release / install notes?

 

[CyberCr33p]

I have noticed the same issue as well after upgrading to FreeBSD 14.3-RELEASE, though I perform upgrades via /usr/src rather than freebsd-update. My certificates under /etc/ssl/certs were also removed during the process. Going forward, I plan to move the certificates to /usr/local/etc/ssl/certs to avoid them being affected by future base system upgrades.

 

[Gamecreature]

Well same issue here. Restored the certificates from a .zfs snapshot. And also moved them to /usr/local/etc/ssl/certs to prevent future deletions.
I also didn't read this in the update notes. Didn't happen on the first update, but on a patch release. I really don't know why.

 

[sko]

/etc/ssl/certs is part of base and shouldn't hold user certificates. Actually it only contains symlinks to /usr/share/certs/trusted/*. You can re-create those symlinks via certctl rehash

User certificates should be added to /usr/local/share/certs or /usr/local/share/etc/ssl/certs. From there certctl will also pick them up when rebuilding the list of trusted certificates. (see certctl(8))