CAcert.org is no longer included by default in many major distributions. They were removed from Debian a while ago. And they also started using SHA-512 (?) signatures that don't work with some TLS stacks, notably GNU TLS.