Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Travis CI Linux hosts certificate store not up to date #349

Closed
2 tasks done
dikhan opened this issue Jun 9, 2022 · 1 comment · Fixed by #348
Closed
2 tasks done

Travis CI Linux hosts certificate store not up to date #349

dikhan opened this issue Jun 9, 2022 · 1 comment · Fixed by #348
Assignees
@dikhan
Labels
bug

Comments

@dikhan
Copy link
Owner

dikhan commented Jun 9, 2022

Describe the bug

Recently ran into an issue when trying to download the Hashicorp Terraform binary from within a Travis CI build job. The error I am getting is the following:

0.06s$ wget https://releases.hashicorp.com/terraform/"$TF_VERSION"/terraform_"$TF_VERSION"_linux_amd64.zip
625--2022-05-26 05:12:59-- https://releases.hashicorp.com/terraform/0.13.6/terraform_0.13.6_linux_amd64.zip
626Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.2.133, 151.101.66.133, 151.101.130.133, ...
627Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.2.133|:443... connected.
628ERROR: cannot verify releases.hashicorp.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
629 Issued certificate has expired.
630To connect to releases.hashicorp.com insecurely, use `--no-check-certificate'.

Link to the build job: Travis CI - Test and Deploy with Confidence

After raising the issue with Hashicorp itself (releases.hashicorp.com's certificate expired · Issue #31135 · hashicorp/terraform · GitHub) we came to realize that the issue seems to be sourcing in the truststore used in the Travis Host systems which seems to be using old LE intermediate certs resulting into any attempt to download assets from Hashicorp failing due to the cert stored in the truststore being expired. More info in this comment: releases.hashicorp.com's certificate expired · Issue #31135 · hashicorp/terraform · GitHub

I could add to the wget command the --no-check-certificate flag to get unblocked but that would reduce the security posture which is not desirable. So hoping that the cert store can be updated accordingly to fix the issue.

More info here: #347 (comment)

To Reproduce

Builds are currently not working due to the aforementioned error.

Expected behaviour

Build are working again.

Additional context

Add any other context about the problem here.

Checklist (for admin only)

Don't forget to go through the checklist to make sure the issue is created properly:

  • I have added a corresponding label (bug) to the issue (right side menu)
  • I have added this issue to the 'API Terraform Provider' GitHub project (right side menu)
@dikhan dikhan self-assigned this Jun 9, 2022
@dikhan dikhan mentioned this issue Jun 9, 2022
Merged
16 tasks
@dikhan
Copy link
Owner Author

dikhan commented Jun 9, 2022

Fixed as part of #348

@dikhan dikhan closed this as completed Jun 9, 2022
@dikhan dikhan added the bug label Jun 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dikhan dikhan

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update .travis.yml mustafaergul/terraform-provider-openapi
1 participant
@dikhan