I recently ran into trouble accessing a web site from CircuitPython after they updated their SSL certificate. The new certificate refers to a root certificate from SSL.com which is not in the Adafruit list (data/roots.pem).

I was able to make it work by giving the correct root certificate to the SSL context, but it might be better to add this certificate to the supported list because I suspect it's the one that SSL.com is currently using to sign stuff, so this problem could show up more often going forward.

The root certificate in question is named "SSL.com TLS RSA Root CA 2022" and it's in the curl/Mozilla root list (https://curl.se/docs/caextract.html).

The web service I was having trouble with is https://ssd-api.jpl.nasa.gov/ (if you want to check the certificate chain).

Here's a writeup of how I dealt with the problem in my CircuitPython project: https://lenp.net/dev/cp-ssl-certs.html