刷新让我们在 docker 容器中加密根 CA [英] Refresh Lets encrypt root CA in docker container
问题描述
我在我的 docker 容器中运行 debian 9,今天我无法更新 Lets encrypt 容器内的根证书.在主机 Ubuntu 20 上,一切正常,无需我的干预,但在我的 debian 容器上,我无法获得新的根 Lets Encrypt 证书,只有从头开始的娱乐容器有帮助.我尝试了 update-ca-certificates --fresh
,但没有帮助.有什么想法吗?
I'm running debian 9 in my docker container and today I was not able to update root certificate for Lets encrypt inside container. On host Ubuntu 20 everything worked without any my intervention, but on my debian container I was not able to get new root Lets Encrypt certificate, only recreation container from scratch helped. I tried update-ca-certificates --fresh
, but it didn't help. Any ideas?
由于 Lets Encrypt 证书从容器内部对 https 服务的此问题请求失败,并出现SSL 证书问题:证书已过期",因为 Lets Encrypt 的根证书今天已过期(2021 年 9 月 30 日)
Due this issue request from inside container towards https services with Lets Encrypt certificate failed with "SSL certificate problem: certificate has expired", because root certificate of Lets Encrypt expired today (September 30, 2021)
推荐答案
首先尝试从/etc/ca-certificates.conf 中的列表中删除旧证书:
Try first to remove the old certificate from your list in /etc/ca-certificates.conf:
sed -i 's#mozilla/DST_Root_CA_X3.crt#!mozilla/DST_Root_CA_X3.crt#g' /etc/ca-certificates.conf
update-ca-certificates --fresh
这篇关于刷新让我们在 docker 容器中加密根 CA的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!