Public bug reported:
While using debian-installer to install Ubuntu Focal, I get the
following error:
May 16 22:02:41 base-installer: Certificate verification failed:
The certificate is NOT trusted. The certificate chain uses expired
certificate. Could not handshake: Error in the certificate
verification. [IP: 129.59.59.10 443]
There was an issue in 2021, where the "DST_Root_CA_X3.crt" certificate
used by Let's Encrypt expired.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-
september-2021/
The problem is that the certificate is still included in the "ca-
certificates_20190110ubuntu1_all.deb" that debian-installer fetches
during install.
May 16 22:02:17 debootstrap: Preparing to unpack
.../ca-certificates_20190110ubuntu1_all.deb ...
May 16 22:02:17 debootstrap: Unpacking ca-certificates (20190110ubuntu1) ...
May 16 22:02:31 debootstrap: Setting up ca-certificates (20190110ubuntu1)
...
May 16 22:02:40 debootstrap: Processing triggers for ca-certificates
(20190110ubuntu1) ...
May 16 22:02:40 debootstrap: Running hooks in
/etc/ca-certificates/update.d...
Because the certificate is expired, debian-installer dies with:
May 16 22:02:41 base-installer: Certificate verification failed: The
certificate is NOT trusted. The certificate chain uses expired certificate.
Could not handshake: Error in the certificate verification. [IP: 129.59.59.10
443]
te is NOT trusted. The certificate chain uses expired certificate. Could not
handshake: Error in the certificate verification. [IP: 129.59.59.10 443]
Can Ubuntu update the ca-certificate .deb pulled during install to one
that does not have DST_Root_CA_X3.crt? Thanks.
** Affects: ca-certificates (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1973654
Title:
Using debian-installer on a server with a Let's Encrypt cert dies
Status in ca-certificates package in Ubuntu:
New
Bug description:
While using debian-installer to install Ubuntu Focal, I get the
following error:
May 16 22:02:41 base-installer: Certificate verification failed:
The certificate is NOT trusted. The certificate chain uses expired
certificate. Could not handshake: Error in the certificate
verification. [IP: 129.59.59.10 443]
There was an issue in 2021, where the "DST_Root_CA_X3.crt" certificate
used by Let's Encrypt expired.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-
september-2021/
The problem is that the certificate is still included in the "ca-
certificates_20190110ubuntu1_all.deb" that debian-installer fetches
during install.
May 16 22:02:17 debootstrap: Preparing to unpack
.../ca-certificates_20190110ubuntu1_all.deb ...
May 16 22:02:17 debootstrap: Unpacking ca-certificates (20190110ubuntu1)
...
May 16 22:02:31 debootstrap: Setting up ca-certificates (20190110ubuntu1)
...
May 16 22:02:40 debootstrap: Processing triggers for ca-certificates
(20190110ubuntu1) ...
May 16 22:02:40 debootstrap: Running hooks in
/etc/ca-certificates/update.d...
Because the certificate is expired, debian-installer dies with:
May 16 22:02:41 base-installer: Certificate verification failed: The
certificate is NOT trusted. The certificate chain uses expired certificate.
Could not handshake: Error in the certificate verification. [IP: 129.59.59.10
443]
te is NOT trusted. The certificate chain uses expired certificate. Could not
handshake: Error in the certificate verification. [IP: 129.59.59.10 443]
Can Ubuntu update the ca-certificate .deb pulled during install to one
that does not have DST_Root_CA_X3.crt? Thanks.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1973654/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
