Hi!

I tried to update WinSCP 5.8.2 beta (build 6284) via "Check For Updates" but winscp.net has new Let's Encrypt certificate, so, it's failed because of certification trust. (look attachment)

Thanks for your report.
Is it Windows 10? What build?

I cannot reproduce the problem.

Does your web browser (which one?) trust the new certificate? Try the Edge or Internet Explorer too.

Windows 10 Pro, Version: 1511, OS Build: 10586.318 (I'm updating my OS).
Domain winscp.net in Google Chrome and Internet Explorer which use central "Trusted Root Certification Authorities" is trusted. (look attachment).
That is the weird thing...

Please try to connect to the https://winscp.net/, as if it were a WebDAV server and attach a Debug-2 level session log file.

Log in attachment.
The main lines:
2016-05-30 15:01:29.965 Doing SSL negotiation.
. 2016-05-30 15:01:30.169 ssl: Verify callback @ 1 => 20
. 2016-05-30 15:01:30.180 ssl: Verify failures |= 8 => 8
. 2016-05-30 15:01:30.214 Chain depth: 2
. 2016-05-30 15:01:30.225 ssl: Match common name 'winscp.net' against ''
. 2016-05-30 15:01:30.235 ssl: Match common name '<www.>winscp.net' against ''
. 2016-05-30 15:01:30.247 Identity match for '': bad
. 2016-05-30 15:01:30.259 ssl: Match common name 'Let's Encrypt Authority X3' against ''
. 2016-05-30 15:01:30.269 Identity match for '': bad
. 2016-05-30 15:01:30.280 ssl: Match common name 'winscp.net' against 'winscp.net'
. 2016-05-30 15:01:30.293 Identity match for 'winscp.net': good
. 2016-05-30 15:01:30.304 Verifying certificate for "winscp.net" with fingerprint cf:11:88:6b:8e:27:f6:09:ea:01:ab:c5:71:df:cc:03:0a:f7:f1:13 and 08 failures
. 2016-05-30 15:01:30.316 Certificate for "winscp.net" matches cached fingerprint and failures
. 2016-05-30 15:01:30.328 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
. 2016-05-30 15:01:30.340 Request sent; retry is 0.

I have sent you an email with a debug version of WinSCP to the address you have used to register on this forum.