To my surprise, the ca-bundle.crt file on the Roku 1 is NOT the same as the file with the same name on the Roku 2. And the important difference for me is it was missing the "Go Daddy Root Certificate Authority - G2" but this is included in the file on newer Roku models.
The solution was to download the ca-bundle.crt file from the Roku 2 (which I named /certs/roku-common-certs.pem) and include this in my package and then refer to that file in my SetCertificatesFile command. So my new command refers to that local file like this:
Anyway, just wanted to post this in case anyone else was having a similar issue. It would be awesome if Roku could update the common:/certs/ca-bundle.crt file on the Roku 1 players. The Go Daddy certificate we're using I've got to believe is pretty common.
Re: Go Daddy Root Cert missing on Roku XD (Roku 1)
thank you, @tmachine - that's useful info. Legacy Rokus (model < 2200) haven't seen much love in years. FYI - in case you haven't heard, apparently there was email recently to selected few that the Co. will be actively discontinuing the fw3 devices.