SSL catch-22 on using custom FreeBSD package repository

I found myself in a Catch-22 situation. Our package server uses SSL certificates from Let’s Encrypt, which are not trusted by default in the FreeBSD base system, causing this error:

# pkg install vim-console
Updating custom repository catalogue…

Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

34404218008:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:
Unable to update repository custom

Error updating repositories!

Normally the solution would be to install security/ca_root_nss. However, this fails because the server certificate cannot be trusted yet. To work around this, temporarily disable SSL verification once so that the package gets installed:

# env SSL_NO_VERIFY_PEER=1 pkg install ca_root_nss

One last remark: make sure the connection itself is not tampered with while installing this package, since disabling SSL verification briefly exposes an attack vector. To avoid this: 1) manually download the package, 2) scp the package to the host, and 3) install it.
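
The three manual steps above, with a digest check added before the install so that a file altered in transit is rejected. This is an added example, not part of the original post; the host pkg.example.org, the user and paths, PKGFILE and the function names are placeholders or assumptions.

```sh
#!/bin/sh
# Added example: out-of-band install of ca_root_nss with an integrity check.
# pkg.example.org, admin@target, PKGFILE and the digest are placeholders.
#
# On a workstation that already trusts the repository's certificate:
#   1) download https://pkg.example.org/.../PKGFILE with verification enabled
#      and note its SHA-256 (sha256 -q PKGFILE, or sha256sum PKGFILE)
#   2) scp PKGFILE admin@target:/tmp/
# On the target:
#   3) sh this-script /tmp/PKGFILE <digest noted in step 1>

# Print the SHA-256 of a file as lowercase hex, with whichever tool exists.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                          # FreeBSD base
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1        # GNU coreutils
    else
        openssl dgst -sha256 -r "$1" | cut -d ' ' -f 1
    fi
}

# Return 0 only if the file exists and its digest equals the expected one.
verify_pkg() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    got=$(file_sha256 "$1") || return 2
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $1: got $got" >&2
        return 1
    fi
}

# Install the local package file only after the digest check passes.
install_verified() {
    verify_pkg "$1" "$2" || return 1
    pkg add "$1"
}

# Run only when called with a file and a digest; otherwise just define functions.
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

Once ca_root_nss is installed this way, later pkg runs can verify the repository certificate and SSL_NO_VERIFY_PEER is never needed.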