Shamil opened 3 years ago
|
|||||
Thanks for reporting. I tried reinstall certificates, but still can not clone. However use latest jdk8 image works. Will update the base image in next minor version. |
|||||
OneDev referenced from other issue 3 years ago
|
|||||
Thanks @robin - is there a way to force OneDev to use the new released helper version? |
|||||
There is not possible. Will release a new version to fix this soon. |
|||||
Robin Shen changed state to 'Closed' 2 years ago
|
|||||
Got fixed now in build onedev/server#1998 |
Type |
Bug
|
Priority |
Normal
|
Assignee | |
Affected Versions |
Issue Votes (0)
I'm facing issues with using lets encrypt and checking out code in the k8s-helper-linux image.
It fails with the following:
Further, I am aware that recently, the DST Root CA X3 has expired (https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/) and this is confirmed in the root chain:
It looks like the expired root cert is still served (after checking with openssl s_client) due to backwards compatibility with older clients (LetsEncrypt)
Looking at ca-certificates in the
k8s-helper-linux
image, it looks like an older version exists:This is likely an issue with the upstream OpenJDK JRE image.
It looks like the only way to get the latest ca-certs is to reinstall it:
After which the git clone inside the docker container works.