The Let's Encrypt Update

Photo of Andy Doan

Posted on Oct 5, 2021 by Andy Doan

2 min read

On September 30, Let's Encrypt's original root certificate expired. All of our customer-facing HTTPS services have certificates signed by Let's Encrypt. As can be expected, there were a few hiccups along the way. If you are experiencing issues with services on Foundries.io please take a look below and see if this corrects your issue. If this does not resolve your issue do not hesitate to reach out to our support team via our support portal.

The short version of the story is that any tool connecting a service signed by Let's Encrypt needs to update their operating system's trusted CA certificates list. E.g. on Ubuntu:

  $ apt-get update && apt-get install openssl ca-certificates

This issue manifests itself in different ways. The main way our customers see this is when they do Git interactions with source.foundries.io. Git uses libcurl which uses ca-certificates.

Another way customers have hit problems is with Foundries containers such as the lmp-sdk. We had to build a new version of that container to pull in the updated ca-certificates package. Customers will need to run:

$ docker pull hub.foundries.io/lmp-sdk

To get a new container image that can repo-sync with source.foundries.io.

This issue can vary based on the environment you work in, but the solution is the same. Your environment's CA certificates need to be updated.

Related posts