How are people handling short lived certs and fleet (such as ACM or letsencrypt)?

If you provide the root to osquery will it verify?

LetsEncrypt is trusted by most CA stores, so no need to provide the root cert

IIRC osquery doesn't use the system roots on Windows though?

It doesn’t? That’s interesting and good to know

Ah, root CA was the part that I missed in my head.