search

dikhan / terraform-provider-openapi

OpenAPI Terraform Provider that configures itself at runtime with the resources exposed by the service provider (defined in a swagger file)
Apache License 2.0
275 stars 48 forks source link

Travis CI Linux hosts certificate store not up to date #350

Closed dikhan closed 2 years ago

dikhan commented 2 years ago

Describe the bug

Recently ran into an issue when trying to download the Hashicorp Terraform binary from within a Travis CI build job. The error I am getting is the following:

0.06s$ wget https://releases.hashicorp.com/terraform/"$TF_VERSION"/terraform_"$TF_VERSION"_linux_amd64.zip
625--2022-05-26 05:12:59-- https://releases.hashicorp.com/terraform/0.13.6/terraform_0.13.6_linux_amd64.zip
626Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.2.133, 151.101.66.133, 151.101.130.133, ...
627Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.2.133|:443... connected.
628ERROR: cannot verify releases.hashicorp.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
629 Issued certificate has expired.
630To connect to releases.hashicorp.com insecurely, use `--no-check-certificate'.

Link to the build job: Travis CI - Test and Deploy with Confidence

After raising the issue with Hashicorp itself (releases.hashicorp.com's certificate expired · Issue #31135 · hashicorp/terraform · GitHub) we came to realize that the issue seems to be sourcing in the truststore used in the Travis Host systems which seems to be using old LE intermediate certs resulting into any attempt to download assets from Hashicorp failing due to the cert stored in the truststore being expired. More info in this comment: releases.hashicorp.com's certificate expired · Issue #31135 · hashicorp/terraform · GitHub

I could add to the wget command the --no-check-certificate flag to get unblocked but that would reduce the security posture which is not desirable. So hoping that the cert store can be updated accordingly to fix the issue.

More info here: https://github.com/dikhan/terraform-provider-openapi/pull/347#issuecomment-1150868608

To Reproduce

Builds are currently not working due to the aforementioned error.

Expected behaviour

Build are working again.

Additional context

Add any other context about the problem here.

Checklist (for admin only)

Don't forget to go through the checklist to make sure the issue is created properly: