|
@ -9,8 +9,25 @@ set +eux |
|
|
## Fixing: https://www.reddit.com/r/sysadmin/comments/pzags0/lets_encrypts_dst_root_ca_x3_expired_yesterday/ |
|
|
## Fixing: https://www.reddit.com/r/sysadmin/comments/pzags0/lets_encrypts_dst_root_ca_x3_expired_yesterday/ |
|
|
## see also: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/?guccounter=1 |
|
|
## see also: https://techcrunch.com/2021/09/21/lets-encrypt-root-expiry/?guccounter=1 |
|
|
|
|
|
|
|
|
|
|
|
modified_certificate= |
|
|
|
|
|
mkdir -p /usr/local/share/ca-certificates/custom |
|
|
|
|
|
for certfile_name in isrgrootx1:ISRG_Root_X1 isrg-root-x2 lets-encrypt-r3; do |
|
|
|
|
|
certfile=${certfile_name%%:*} |
|
|
|
|
|
name=${certfile_name#*:} |
|
|
|
|
|
echo "Checking $certfile for $name" |
|
|
|
|
|
if ! [ -e "/usr/local/share/ca-certificates/custom/$certfile".crt ] && |
|
|
|
|
|
! [ -e "/etc/ssl/certs/$name.pem" ]; then |
|
|
|
|
|
wget --no-check-certificate https://letsencrypt.org/certs/"$certfile".pem \ |
|
|
|
|
|
-O "/usr/local/share/ca-certificates/custom/$certfile".crt |
|
|
|
|
|
modified_certificate=1 |
|
|
|
|
|
fi |
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
if grep "^mozilla/DST_Root_CA_X3.crt" /etc/ca-certificates.conf 2>/dev/null 2>&1; then |
|
|
if grep "^mozilla/DST_Root_CA_X3.crt" /etc/ca-certificates.conf 2>/dev/null 2>&1; then |
|
|
sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\1%g' /etc/ca-certificates.conf && |
|
|
|
|
|
|
|
|
sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\1%g' /etc/ca-certificates.conf |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ -n "$modified_certificate" ]; then |
|
|
update-ca-certificates |
|
|
update-ca-certificates |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|