Ideally, Certbot should perform its normal behavior of validating servers' certificates when connecting to Pebble in the Molecule test environment. Since Pebble's certificate is self-signed, it should be installed as a custom root CA. This can normally be done as part of `prepare.yml`:

```yaml
- name: Allow local ACME to use a custom root CA
  # https://github.com/letsencrypt/pebble#avoiding-client-https-errors
  copy:
    src: pebble.minica.pem
    dest: /usr/local/share/ca-certificates/pebble.minica.crt
  register: crt_result

- name: Register custom root CAs
  command: update-ca-certificates
  when: crt_result.changed  # noqa 503
```

However, snap apps use snap's own copy of root CAs (rather than deferring to the OS's configuration), and snap refuses to support a proper way to modify or extend its internal set of root CAs. For further upstream reports of this issue, see:

Attempting to bind mount `/etc/ssl` over `/snap/core/current/etc/ssl/` does not resolve the issue.

As a workaround, we add the `no-verify-ssl` option to `{{ ansible_user_dir }}/.config/letsencrypt/cli.ini` instead.
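
An added check, not part of the original issue or the role's own code, that guards the workaround above: it reads a certbot `cli.ini` and reports when `no-verify-ssl` is enabled for an ACME server outside an allowlist of test hosts. The host name `pebble`, the sample file contents and the function names are assumptions made for the example.

```python
from urllib.parse import urlparse

# Assumption: spellings treated as "enabled" for a boolean option.
TRUE_VALUES = {"true", "yes", "1", "on"}


def parse_cli_ini(text):
    """Parse 'key = value' lines; a later key overrides an earlier one."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue  # blank line, comment, or section header
        key, sep, value = line.partition("=")
        # Assumption: a bare key with no '=' is treated as an enabled flag,
        # which is the conservative reading for an audit.
        options[key.strip().lower()] = value.strip() if sep else "true"
    return options


def audit_no_verify_ssl(text, test_hosts):
    """Return a list of findings; an empty list means the file is acceptable."""
    opts = parse_cli_ini(text)
    if opts.get("no-verify-ssl", "false").lower() not in TRUE_VALUES:
        return []
    server = opts.get("server")
    if server is None:
        return ["no-verify-ssl is enabled but no 'server' is set, so "
                "certbot's default ACME server would not be validated"]
    host = urlparse(server).hostname
    if host not in test_hosts:
        return [f"no-verify-ssl is enabled for non-test ACME host {host!r}"]
    return []


# Constructed sample files (not taken from the role).
MOLECULE_INI = """# constructed sample: Molecule test instance
server = https://pebble:14000/dir
no-verify-ssl = True
"""
LEAKED_INI = """# constructed sample: workaround copied to a real host
server = https://acme.example.org/directory
no-verify-ssl = true
"""

if __name__ == "__main__":
    for name, ini in (("molecule", MOLECULE_INI), ("leaked", LEAKED_INI)):
        print(name, audit_no_verify_ssl(ini, {"pebble", "localhost"}))
```
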