Issue
I'm running debian 9 in my docker container and today I was not able to update root certificate for Lets encrypt inside container. On host Ubuntu 20 everything worked without any my intervention, but on my debian container I was not able to get new root Lets Encrypt certificate, only recreation container from scratch helped. I tried update-ca-certificates --fresh
, but it didn't help. Any ideas?
Due this issue request from inside container towards https services with Lets Encrypt certificate failed with "SSL certificate problem: certificate has expired", because root certificate of Lets Encrypt expired today (September 30, 2021)
Solution
Try first to remove the old certificate from your list in /etc/ca-certificates.conf:
sed -i 's#mozilla\/DST_Root_CA_X3.crt#!mozilla\/DST_Root_CA_X3.crt#g' /etc/ca-certificates.conf
update-ca-certificates --fresh
Answered By - Tibo