On 11/06/2020 18:34, Michael Borg wrote: > Yep I know but I cannot tell all my customers to run this workaround, some > of our users are not experienced at all.... The only thing I see here is > that I need to provide a hotfix ourselves. We cannot wait for days... You > are saying we cannot make an exception and push this fix ASAP?
Pushing packages to Debian takes time. If you need something for today you need to fix it yourself. You can downgrade to the old version of the package ca-certificates or install the missed certificate manually This recipe allows to do that: wget --no-check-certificate -c https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Global_CA.pem \ && mkdir /usr/local/share/ca-certificates/extra \ && mv GeoTrust_Global_CA.pem /usr/local/share/ca-certificates/extra/GeoTrust_Global_CA.crt \ && update-ca-certificates And when you upgrade to the fixed version of ca-certificates you can remove the directory /usr/local/share/ca-certificates/extra and run the command update-ca-certificates again.
signature.asc
Description: OpenPGP digital signature