Closed abmusse closed 4 years ago
Original comment by Kevin Adler (Bitbucket: kadler, GitHub: kadler).
Best is going to be a combination of p11-kit and update-ca-certificates along with the Mozilla root certs. This is exactly what SUSE does and probably other Linux distros.
Original comment by Aaron Bartell (Bitbucket: aaronbartell, GitHub: aaronbartell).
What I do is download the cacerts from curl's website. I put it in ~/certs/cacert.pem
and then run commands as follows:
$ CURL_CA_BUNDLE=~/certs/cacert.pem le issue /www/mysite/htdocs/letsencrypt mysite.com
The best solution would be to figure out where git/curl/wget/etc are looking for certs by default and then put together directions to symlink our way to them all working. Once we have the symlinks setup we just need to wget https://curl.haxx.se/ca/cacert.pem
to the symlink'd directory and everything should be snappy.
@ThePrez Once we ship ca-certs should copy the certs over as part of the minimal chroot install?
We now ship ca-certificates-mozilla which solves this issue.
$ yum install ca-certificates-mozilla
Original report by Justin Dearing (Bitbucket: zippy1981, GitHub: zippy1981).
If I try to clone a https git url I get the following:
The solution of course is to grab ca-certificates.crt from a linux box or git for windows. The better solution would be if we made an RPM for the ssl certs.
I tried grabbing the fedora RPM sources for the mozilla root certs. Discovered that rpm 3.0.5 won't build that spec. So before I go down the rabbit hole of building RPM 4 on PASE I figured I'd ask here what the best way to proceed would be?