Prosody seems to be unable to find the root certificates that are installed by the ca_root_nss port and consequently connections secure connections to other servers fail. Also if the capath option (see https://prosody.im/doc/certificates#specify_trusted_certificate_store) does not work and seems to be ignored.
If the cafile option (https://prosody.im/doc/advanced_ssl_config#cafile) is used instead and pointed to the file, prosody works fine.
The disadvantage of the latter is that the actual file hast to be modified if additional certificates are added. This wouldn't be necessary if capath would work and one could simply put additional certificates to that folder.
I see no obvious reason why capath isn't being honored — have you asked upstream?