SSL Root certifcate validation for Podcast plugin | Fixing the Breakage from the AddTrust External CA Root Expiration


Since few days, I have some podcasts that were perfectly working that cannot be played anymore due to certificate non validated.

It seems that one of the certificates has changed 4 days ago and that gnutls is not managing it properly.

Here the check on the ssl certficate for one of the concerned URL :

Related post that explains the issue :

So I think there is a need to do some updates on volumio to handle this otherwise we will have to wait for all servers using this certificate to hopefully fix it.



1 Like

Good find…

This should do the trick (for now! And as usual caveat emptor)

#!/usr/bin/env bash
# Patch certificates 

if [[ "$EUID" -ne 0 ]]; then
  echo "Please rerun as root"
  exit 1

if [[ -f /etc/ca-certificates.conf ]]; then
    sed -i "s|^mozilla/AddTrust_External_Root.crt$|# Disabling for now to fix Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020\n# mozilla/AddTrust_External_Root.crt|" /etc/ca-certificates.conf

I think this is not a good idea: any manual intervention will prevent updates to apply correctly

I also have some issues with this web radio

it used to works till few days ago, now I get some errors with certificate trying to play it

I would agree but I did the change in /etc/ca-certificates.conf anyway.
Difficult to negotiate with 4 and 6 years old children who wants their favorite podcast. :slight_smile: