List ecs-isp@2rosenthals.com Archived message #969

From: "Massimo S." <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] uacme 1.2.4 curl issue
Date: Sun, 27 Oct 2024 13:59:16 +0100
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



On 27/10/2024 02:52, Steven Levine wrote:
In <list-11170016@2rosenthals.com>, on 10/26/24
    at 10:59 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

depth=1 C = US, O = Let's Encrypt, CN = R11
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = acme-v02.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
  0 s:CN = acme-v02.api.letsencrypt.org
    i:C = US, O = Let's Encrypt, CN = R11
  1 s:C = US, O = Let's Encrypt, CN = R11
    i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
subject=CN = acme-v02.api.letsencrypt.org

issuer=C = US, O = Let's Encrypt, CN = R11

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3310 bytes and written 412 bytes
Verification error: unable to get local issuer certificate

As I suspected you have a local configuration problem.

this server has port 80 closed
when i reissue certificates the script first reloads firewall rules with port 80 open
then reissues and after reloads the original firewall rule

maybe this could be the problem?

massimo

Testing here
reports

snip...

-----END CERTIFICATE-----
subject=CN = acme-v02.api.letsencrypt.org
issuer=C = US, O = Let's Encrypt, CN = R10

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3309 bytes and written 412 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

snip...

p11-kit-trust package available, but not installed
should i install it?

I cannot see any reason not to.

Steven
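
As an added illustration (not code from the thread or from uacme), this Python example parses `openssl s_client` output like the two transcripts above and names the issuer that verify error 20 reports as absent from the local trust store. `diagnose` and the two sample strings are hypothetical names and constructed inputs built from the output quoted in the message.

```python
import re

# Constructed sample: the failing s_client output quoted above, abridged.
FAILING = """\
depth=1 C = US, O = Let's Encrypt, CN = R11
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = acme-v02.api.letsencrypt.org
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = acme-v02.api.letsencrypt.org
   i:C = US, O = Let's Encrypt, CN = R11
 1 s:C = US, O = Let's Encrypt, CN = R11
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Verification error: unable to get local issuer certificate
"""
# Constructed sample: tail of the passing output quoted above.
PASSING = "issuer=C = US, O = Let's Encrypt, CN = R10\nVerification: OK\nVerify return code: 0 (ok)\n"


def diagnose(output):
    """Summarise certificate verification in `openssl s_client` text output."""
    chain, errors, depth, verified = [], [], None, None
    for line in output.splitlines():
        s = line.strip()
        if m := re.match(r"depth=(\d+)\s", s):
            depth = int(m.group(1))  # certificate the next verify error refers to
        elif m := re.match(r"verify error:num=(\d+):(.*)", s):
            errors.append({"depth": depth, "num": int(m.group(1)), "text": m.group(2)})
        elif m := re.match(r"(\d+)\s+s:(.*)", s):
            chain.append({"index": int(m.group(1)), "subject": m.group(2), "issuer": None})
        elif s.startswith("i:") and chain and chain[-1]["issuer"] is None:
            chain[-1]["issuer"] = s[2:]
        elif s.startswith("Verification"):
            verified = (s == "Verification: OK")
    # Error 20 means the issuer of the certificate at that depth was not found in
    # the local trust store. Assumption: chain index N is the certificate at depth N.
    by_index = {c["index"]: c["issuer"] for c in chain}
    missing = [by_index[e["depth"]] for e in errors
               if e["num"] == 20 and e["depth"] in by_index]
    return {"verified": verified, "errors": errors, "chain": chain,
            "missing_from_trust_store": missing}


if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("passing", PASSING)):
        r = diagnose(text)
        print(name, "verified:", r["verified"], "missing:", r["missing_from_trust_store"])
```

For the failing transcript the missing issuer is ISRG Root X1, which the server does not send and which therefore has to come from the client's own CA bundle.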

