Certificate

[HansR]

I just helped somebody who had installed the CMX image. Everything well until he tried to do a https call (e.g. Windy upload) and failed.
The problem is the the disabling of the old certificate apparently has not been executed. Before creating a new image that should be done.

Code: Select all

sudo nano /etc/ca-certificates.conf
Put a ! in front of the line: /mozilla/DST_Root_CA_X3.crt
Save the file: Ctrl-X, y
sudo update-ca-certificates

[ConligWX]

I think that cert expired last year from what I remember. cant see this being CMX issue, unless using the Raspberry Pi image from the wiki downloads(?), its more likely the OS the user was using had not been updated in a while, if not ever.
users should still carry out updates on their OS from time to time.

the cert was to do with LetsEncrypt root cert if I am correct.

[HansR]

I think that cert expired last year from what I remember. cant see this being CMX issue, unless using the Raspberry Pi image from the wiki downloads(?), its more likely the OS the user was using had not been updated in a while, if not ever.
users should still carry out updates on their OS from time to time.

the cert was to do with LetsEncrypt root cert if I am correct.

Yes, I am very well aware of what the issue is. That is why I explicitly mention the installation was done through the CMX image which should contain the certification fix as the /etc/ca-certificates.conf is definitely an OS feature but delivered in this case as part of CMX (as is the whole OS).

This does not mean it immediately becomes a true CMX issue, but one might expect this certificate to be blocked as it causes e.g. Windy to be connected (and I believe any HTTPS call). Because the image is typically uses by lesser experienced users this really can become an issue.

[mcrossley]

I'll be updating the image for v3.16, I'll try and remember to update the certs....

[HansR]

I'll be updating the image for v3.16, I'll try and remember to update the certs....