
Re: Expired cdimage.debian.org letsencrypt cert?



On 2021-12-26 at 13:43 +0100, SZÉPE Viktor wrote:
> Idézem/Quoting Mauricio Tavares <raubvogel@gmail.com>:
> 
> > raub@testbox:~$ wget
> > https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-11.2.0-amd64-netinst.iso
> > --2021-12-26 07:15:41--
> > https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-11.2.0-amd64-netinst.iso
> > Resolving cdimage.debian.org... 194.71.11.173, 194.71.11.165,
> > 2001:6b0:19::173, ...
> > Connecting to cdimage.debian.org|194.71.11.173|:443... connected.
> > ERROR: cannot verify cdimage.debian.org's certificate, issued by
> > '/C=US/O=Let\'s Encrypt/CN=R3':
> >   Issued certificate has expired.
> > To connect to cdimage.debian.org insecurely, use `--no-check-certificate'..
> > raub@testbox:~$
> 
> Hello Mauricio!
> 
> Your CA-s may include an expired one.
> Try excluding mozilla/DST_Root_CA_X3.crt in /etc/ca-certificates.conf
> 

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995432, Mauricio.
As Viktor says, you can put a ! in front of mozilla/DST_Root_CA_X3.crt
in /etc/ca-certificates.conf and run update-ca-certificates to update
the certificates.

Not having the expired DST Root CA should make it able to find the
other, non-expired root.

Best regards
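
The edit described in the message above, as an added example that is not part of the original post: an idempotent shell helper that puts the `!` in front of one entry of a ca-certificates.conf-style file. The function names `deselect_ca` and `make_sample_conf` are hypothetical, and the sample file is constructed for the example.

```shell
#!/bin/sh
# Added example: deselect a CA in a ca-certificates.conf-style file.
# Each line is a certificate path; a leading "!" marks it as deselected.

# deselect_ca CONF ENTRY
# Returns 0 if ENTRY is deselected afterwards, 1 if ENTRY is not listed,
# 2 if the file could not be rewritten.
deselect_ca() {
    conf=$1
    entry=$2
    # Already deselected: nothing to do, so repeated runs never add "!!".
    if grep -qxF -- "!$entry" "$conf"; then
        return 0
    fi
    # Not listed at all: report it instead of silently succeeding.
    if ! grep -qxF -- "$entry" "$conf"; then
        return 1
    fi
    tmp=$(mktemp) || return 2
    # Prefix only the exact matching line; every other line is copied as is.
    # Writing back with cat keeps the file's owner and permissions.
    awk -v e="$entry" '$0 == e { print "!" $0; next } { print }' "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    # Verify the result rather than trusting the rewrite.
    grep -qxF -- "!$entry" "$conf"
}

# Constructed sample file (not a real system's configuration).
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
mozilla/DST_Root_CA_X3.crt
mozilla/ISRG_Root_X1.crt
EOF
}

# On a real system, as root and after backing up the file:
#   deselect_ca /etc/ca-certificates.conf mozilla/DST_Root_CA_X3.crt \
#       && update-ca-certificates
```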


