On Sun, Apr 11, 2021 at 04:41:11PM -0400, Leo Famulari wrote:
> On Wed, Mar 17, 2021 at 03:36:44PM +0100, Ludovic Courtès wrote:
> >   (define (honor-x509-certificates store)
> >     "Use the right X.509 certificates for Git checkouts over HTTPS."
> >     (unless (honor-system-x509-certificates!)
> >       (honor-lets-encrypt-certificates! store)))
> >
> > By default, 1.2.0 installs ‘nss-certs’, so I would assume such
> > installations are unaffected, right?
>
> So, the bug here is that `guix pull` is using the wrong certificate
> store. It should use le-certs, but is instead ignoring le-certs, and
> looking for a system-wide store that doesn't exist.
>
> I tested with an installer image from current master, and the bug still
> exists.

I checked and, although there have been some changes upstream at Let's
Encrypt [0], our le-certs still works for contacting Savannah with TLS.

[0] Some new root and intermediate certificates:
https://letsencrypt.org/certificates/

Once we fix this bug, we should look into updating the le-certs package.