[Devel] let's encrypt expired certificate
emanuele.aina at collabora.com
Sun Oct 3 22:27:24 CEST 2021
mark.janes at daimler.com wrote:
> If anyone is finding that atg-apertis-recipes cannot be used since Sep
> 30, we were able to work around by removing the following file after
> the debootstrap step:
Indeed, Friday has been a fun day. :)
We use Let's Encrypt for the TLS certificates of the server hosting our
packages and one of the CA certificates in the Let's Encrypt chain
expired. This should normally not be an issue since the chain is still
valid thanks to the presence of other signatures, but a bug in the
older GnuTLS version shipped in releases prior to v2022 causes it to
fail in these cases.
By dropping the expired CA certificates your workaround works
At the moment a updated ca-certificates package should be available in
all the affected branches, v2020 and v2021, and no workaround should be
It has been fun to fix because the bug caused our CI to fail as well,
so some manual tinkering has been needed. ;)
If anybody still faces similar issues please let us know!
Thank you again for you report!
More information about the devel