|
Shamil opened 2 years ago
|
||||
|
Thanks for reporting. I tried reinstall certificates, but still can not clone. However use latest jdk8 image works. Will update the base image in next minor version. |
||||
|
OneDev referenced from other issue 2 years ago
|
||||
|
|
Thanks @robin - is there a way to force OneDev to use the new released helper version? |
||||
|
|
There is not possible. Will release a new version to fix this soon. |
||||
|
|
Robin Shen changed state to 'Closed' 2 years ago
|
||||
|
|
Got fixed now in build onedev/server#1998 |
| Type |
Bug
|
| Priority |
Normal
|
| Assignee | |
| Affected Versions |
Issue Votes (0)
Watchers (2)
I'm facing issues with using lets encrypt and checking out code in the k8s-helper-linux image.
It fails with the following:
Further, I am aware that recently, the DST Root CA X3 has expired (https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/) and this is confirmed in the root chain:
It looks like the expired root cert is still served (after checking with openssl s_client) due to backwards compatibility with older clients (LetsEncrypt)
Looking at ca-certificates in the
k8s-helper-linuximage, it looks like an older version exists:This is likely an issue with the upstream OpenJDK JRE image.
It looks like the only way to get the latest ca-certs is to reinstall it:
After which the git clone inside the docker container works.