#!/bin/bash set +eux ## Certificate DST_Root_CA-X3 expired, it needs to be removed ## from list of available certificates. Debian <10 have the issue. ## ## Fixing: https://www.reddit.com/r/sysadmin/comments/pzags0/lets_encrypts_dst_root_ca_x3_expired_yesterday/ ## see also: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/?guccounter=1 modified_certificate= mkdir -p /usr/local/share/ca-certificates/custom for certfile_name in isrgrootx1:ISRG_Root_X1 isrg-root-x2 lets-encrypt-r3; do certfile=${certfile_name%%:*} name=${certfile_name#*:} echo "Checking $certfile for $name" if ! [ -e "/usr/local/share/ca-certificates/custom/$certfile".crt ] && ! [ -e "/etc/ssl/certs/$name.pem" ]; then wget --no-check-certificate https://letsencrypt.org/certs/"$certfile".pem \ -O "/usr/local/share/ca-certificates/custom/$certfile".crt modified_certificate=1 fi done if grep "^mozilla/DST_Root_CA_X3.crt" /etc/ca-certificates.conf 2>/dev/null 2>&1; then sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\1%g' /etc/ca-certificates.conf fi if [ -n "$modified_certificate" ]; then update-ca-certificates fi ## We can now do the ``apt-get update`` safely... apt-get update apt-get -y install bash-completion wget bzip2 git-core \ less tmux mosh \ sudo git vim file /dev/null 2>&1 || apt-get install -y lsb-release /dev/null && [ -x /usr/sbin/locale-gen ]; then echo "Your shell is incorrectly set as your PATH doesn't contain '/usr/sbin'." >&2 echo "This probably happens because you've incorrectly entered root environment" >&2 echo "Please use 'sudo -i' or 'su -' to enter a root shell from another user." >&2 echo " ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918754" exit 1 fi sed -ri 's/^\s*#\s*(en_US\.UTF-?8.*)\s*$/\1/g' /etc/locale.gen locale-gen ;; esac YQ_VERSION=4.27.3 if ! type -p "yq" 2>/dev/null || ! version_line=$(yq --version) || [[ "${version_line}" != *"${YQ_VERSION}" ]]; then wget "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64" \ -O /usr/local/bin/yq && chmod +x /usr/local/bin/yq fi