@@ -49,3 +49,8 @@ RUN apt-get update && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i '/mozilla\/DST_Root_CA_X3\.crt/d' /etc/ca-certificates.conf && \
+ update-ca-certificates
@@ -48,3 +48,8 @@ RUN apt-get update && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i '/mozilla\/DST_Root_CA_X3\.crt/d' /etc/ca-certificates.conf && \
+ update-ca-certificates
@@ -49,3 +49,8 @@ RUN apt-get update && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+ update-ca-certificates
While the Let's Encrypt root certificate ISRG_Root_X1.crt is already present, openssl seems to still check for the root certificate DST_Root_CA_X3.crt which has expired. This prevent https connections. Removing DST_Root_CA_X3 fix the issue. Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> --- Notes: v2: - remove unneeded changes to CentOS containers automation/build/debian/jessie-i386.dockerfile | 5 +++++ automation/build/debian/jessie.dockerfile | 5 +++++ automation/build/ubuntu/trusty.dockerfile | 5 +++++ 3 files changed, 15 insertions(+)