Travis CI Linux hosts certificate store not up to date

Hi, I recently ran into an issue when trying to download the Hashicorp Terraform binary from within a Travis CI build job. The error I am getting is the following:

0.06s$ wget"$TF_VERSION"/terraform_"$TF_VERSION"

625--2022-05-26 05:12:59--

626Resolving (,,, ...

627Connecting to (||:443... connected.

628ERROR: cannot verify's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:

629 Issued certificate has expired.

630To connect to insecurely, use `--no-check-certificate'.

Link to the build job: Travis CI - Test and Deploy with Confidence

After raising the issue with Hashicorp itself ('s certificate expired · Issue #31135 · hashicorp/terraform · GitHub) we came to realize that the issue seems to be sourcing in the truststore used in the Travis Host systems which seems to be using old LE intermediate certs resulting into any attempt to download assets from Hashicorp failing due to the cert stored in the truststore being expired. More info in this comment:'s certificate expired · Issue #31135 · hashicorp/terraform · GitHub

I could add to the wget command the --no-check-certificate flag to get unblocked but that would reduce the security posture which is not desirable. So hoping that the cert store can be updated accordingly to fix the issue.

Any help here would be much appreciated.



I have already replied to your support request but would like to mention it here as well. I do recommend using the newer Ubuntu distribution as follows:


Travis CI Staff

Thanks a lot! that did the trick, really appreciate the quick fix and the contribution to the repo!