vyos/vyos-build
1
0
Fork 0
mirror of https://github.com/vyos/vyos-build.git synced 2025-10-01 20:28:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Docker: T3911: invalidate old LetsEncrypt CA

Browse Source
This commit is contained in:
Christian Poessinger 2021-10-17 09:36:20 +02:00
parent c0dc0f5578
commit 72226d89e9
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
data/live-build-config/hooks/live/00-update-letsencrypt-root-ca.chroot Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
echo I: Un-trust old LetsEncrypt root
sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
echo I: Update CA certificates
update-ca-certificates

9
docker/Dockerfile
View File

@ -72,6 +72,15 @@ RUN apt-get update && apt-get install -y \
jq \ jq \
grub2 grub2
#
# The LetsEncrypt root certificate expired - we need to install the new ones
#
RUN apt-get update && apt-get install -y ca-certificates
# Un-trust the old certificate
RUN sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
# Update CA store
RUN update-ca-certificates
# #
# Setup Debian Jessie Backports repository # Setup Debian Jessie Backports repository
# #