readthedocs.org: Invalid certificates (Let's Encrypt related)

Probably due to the fact that the Let’s Encrypt root certificate expired on 30 September 2021, trying to pull from many non-Github repositories leads to server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none. Would it be possible to update the certificates to resolve this? This is for instance an issue when using submodules that are not hosted on GitHub.

About this issue

Original URL
State: closed
Created 3 years ago
Reactions: 5
Comments: 16 (9 by maintainers)

Commits related to this issue

Build: update ca-certificates before cloning This is a temporal solution while we decide how to fix the real problem. For now, we are installing a newer version of `ca-certificates` before starting t... — committed to readthedocs/readthedocs.org by humitos 3 years ago
Release `ubuntu-20.04-2022.02.16` This Docker image does not contain any change in the Dockerfile. However, as it re-builds completely new versions of the same packages will be installed. We are for... — committed to readthedocs/readthedocs-docker-images by humitos 2 years ago

Most upvoted comments

I can confirm that the hotfix fixed our project build. Thanks a lot everyone!

guigomcha on Oct 6, 2021

We deployed a quick and temporal fix for now. Please, let us know if you still have issues with the certificates. Thanks!

humitos on Oct 5, 2021

xref https://stackoverflow.com/q/69439345/554319

astrojuanlu on Oct 5, 2021

However, we can easily rebuild our latest one (readthedocs/build:ubuntu-20.04) with the latest ca-certificates version (20210119~20.04.2) installed and tell users to define this image on their config file.

Wouldn’t that introduce a chicken and egg problem whereby the repo needs to be able to be cloned so that the configuration required to clone the repo can be read?

rjw57 on Oct 4, 2021