Hello. We today had issue this morning. We resolved it, but I think it should also be somehow resolved on drone side.
We use drone in our CI. We have a custom github repo, protected by Let’s Encrypt certificate.
This morning, Let’sEncrypt original root certificate expired. This caused some old and misconfigured SSL clients to fail. For example, old Ubuntu 14 (Trusty) cannot connect to LE websites. As cannot any Electron app, including VSCode or postman, that cannot now (until update) connect to LE websites.
github dot com/microsoft/vscode/issues/134244
github dot com/electron/electron/pull/31213
github dot com/postmanlabs/postman-app-support/issues/10338
(I cannot paste links for some reason as a new user)
We hit an issue that suddenly, we were not able to clone from our git repository, because we saw
fatal: unable to access '<URL>': SSL certificate problem: certificate has expired
After long look inside of drone source code, we figured out that drone uses an image
drone/git - from here - Docker Hub and it used cached version from 2 years ago, when we first installed drone, which used some ancient base image that was cached in docker cache. That old image could not connect to pages with LE certificates. (Same issue with old Ubuntu, etc.)
docker pull drone/git:latest in the outside machine fixed that.
So, for anyone having this issue, do that (update
drone/git in docker in the outer machine).
I think this can be fixed in drone itself, that drone will itself make sure, that
drone/git is always up to date. We were using ancient cached
drone/git, which we did not even know exists at all; it was never updated with any drone update.
I am not sure if this should be ensured on drone update, or just on every time cloning happens, or periodically. But it became an issue now, because we were unable to use drone for a day because of docker image we had no idea existed, and that it needs to be updated.