Skip to content

Update cacerts to 2021-09-30

Stan Hu requested to merge sh-update-cacerts-20210930 into master

What does this MR do?

LetsEncrypt depended on the DST Root CA X3 cert that expired in September. Clients need to trust the ISRG Root X1 for LetsEncrypt to function. The previous certs did include the X1 cert, but this update removes the expired X3 cert.

This doesn't necessarily solve the LetsEncrypt issues since OpenSSL v1.1.1 defaults to finding the first trusted chain, but we should keep these certs up-to-date.

Related issues

Relates to gitlab#342326 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
  • trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for the GitLab Chart opened
Edited by Stan Hu

Merge request reports

Loading