Update README

This commit is contained in:
Basti 2021-11-25 19:37:48 -06:00
parent 5d8e98e4a9
commit 1e6c40b136
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
1 changed files with 11 additions and 0 deletions

View File

@ -44,3 +44,14 @@ Install cookbooks listed in Berksfile:
Vendor installed cookbooks to the `cookbooks/` dir:
berks vendor cookbooks/ --delete
### "Expired" TLS certificates
If you encounter expired TLS certificates during a Chef run (e.g. for remote
files), the issue is likely that the certificate has been issued by Let's
Encrypt and Chef is still using its own, outdated CA cert store (see
[here](https://github.com/chef/chef/issues/12126#issuecomment-932067530) for
example).
As a hotfix, you can manually remove the "DST Root CA X3" cert from
`/opt/chef/embedded/ssl/cert.pem` on the machine you're trying to converge.