Docker: T3911: invalidate old LetsEncrypt CA

author: Christian Poessinger <christian@poessinger.com> 2021-10-17 09:36:20 +0200
committer: Christian Poessinger <christian@poessinger.com> 2021-10-17 09:40:08 +0200
commit: 72226d89e917d9aa5744e54e3d75ae166e12dc36 (patch)
tree: 754b9f0635f23190b870cdabb13089f78bd006ca /docker
parent: c0dc0f5578df83c762f15a6073cb863ca4a6a0d8 (diff)
download: vyos-build-72226d89e917d9aa5744e54e3d75ae166e12dc36.tar.gz
vyos-build-72226d89e917d9aa5744e54e3d75ae166e12dc36.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 238229d0..221de785 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -73,6 +73,15 @@ RUN apt-get update && apt-get install -y \
       grub2
 
 #
+# The LetsEncrypt root certificate expired - we need to install the new ones
+#
+RUN apt-get update && apt-get install -y ca-certificates
+# Un-trust the old certificate
+RUN sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
+# Update CA store
+RUN update-ca-certificates
+
+#
 # Setup Debian Jessie Backports repository
 #
 COPY no--check-valid-until /etc/apt/apt.conf.d/
author	Christian Poessinger <christian@poessinger.com>	2021-10-17 09:36:20 +0200
committer	Christian Poessinger <christian@poessinger.com>	2021-10-17 09:40:08 +0200
commit	72226d89e917d9aa5744e54e3d75ae166e12dc36 (patch)
tree	754b9f0635f23190b870cdabb13089f78bd006ca /docker
parent	c0dc0f5578df83c762f15a6073cb863ca4a6a0d8 (diff)
download	vyos-build-72226d89e917d9aa5744e54e3d75ae166e12dc36.tar.gz vyos-build-72226d89e917d9aa5744e54e3d75ae166e12dc36.zip