Good news! My problem is solved. > From the ca-certificates-letsencrypt-2.50-3 announcement: > > > It may be necessary to also remove trust for the already expired DST > > X3 root CA > > I'm still trying to figure out _how_ to do this, although I'm not sure > whether it should help my situation. I'll report back with the result.
This did the trick. Regarding the outdated version of GnuTLS available in Cygwin, I see that these trust anchor changes constitute a workaround. Furthermore, I see that ca-certificates-2.50-4 and ca-certificates-letsencrypt-2.50-4 were released, which automate the above quoted process. Very nice! My final question would be if ca-certificates-letsencrypt will eventually be merged into ca-certificates? I am now happily browsing the web again in Cygwin Emacs. Thank you to this mailing list and those in IRC who helped me debug the problem. I learned a lot about certificate trust chains in the process! -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
