Update cacerts to 2021-09-30
Compare changes
Files
2File renamed with no changes. Show file contents
LetsEncrypt depended on the DST Root CA X3 cert that expired in September. Clients need to trust the ISRG Root X1 for LetsEncrypt to function. The previous certs did include the X1 cert, but this update removes the expired X3 cert.
This doesn't necessarily solve the LetsEncrypt issues since OpenSSL v1.1.1 defaults to finding the first trusted chain, but we should keep these certs up-to-date.
Relates to gitlab#342326 (closed)
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
trigger-package
has a green pipeline running against latest commit