strongSwan has a bug where it doesn't use all of the certificates provided in the certificate chain, and so for chains over a certain length it can't validate that the certificate is trusted. These sorts of chains are normal, but it has been many years since Let's Encrypt has used them, so some people are only hitting a problem recently. I think this recent thread has the most detail and links to the open issue they have: