Update LetsEncrypt certs

hooks/containerbuild/debian/install-letsencrypt-ca

@@ -2,22 +2,27 @@
 
 set -e
 
-cat >> Dockerfile <<EOF
+DESTDIR=/usr/local/share/ca-certificates
-ENV DEBIAN_FRONTEND=noninteractive
+UPDATE_CERTS_CMD=update-ca-certificates
-RUN apt-get update && apt-get install --yes --no-install-recommends openssl ca-certificates
+CERTS="$(cat <<EOF
-
+https://letsencrypt.org/certs/isrgrootx1.pem
-ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem
+https://letsencrypt.org/certs/isrg-root-x2.pem
-ADD https://letsencrypt.org/certs/isrg-root-x2.pem  /usr/local/share/ca-certificates/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
-ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
-ADD https://letsencrypt.org/certs/letsencryptauthorityx3.pem /usr/local/share/ca-certificates/letsencryptauthorityx3.pem 
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
-
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
-RUN cd /usr/local/share/ca-certificates \
- && openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
- && openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
- && openssl x509 -in letsencryptauthorityx3.pem -inform PEM -out letsencryptauthorityx3.crt \
- && openssl x509 -in isrg-root-x2.pem -inform PEM -out isrg-root-x2.crt
-
-RUN update-ca-certificates 
-
-ENV DEBIAN_FRONTEND=
 EOF
+)"
+
+
+echo "ENV DEBIAN_FRONTEND=noninteractive" >> Dockerfile
+echo "RUN apt-get update && apt-get install --yes --no-install-recommends openssl ca-certificates" >> Dockerfile
+
+for cert in $CERTS; do
+    filename=$(basename "$cert")
+    echo "ADD $cert $DESTDIR/$filename" >> Dockerfile
+    echo "RUN openssl x509 -in '$DESTDIR/$filename' -inform PEM -out '$DESTDIR/$filename.crt'" >> Dockerfile
+done
+
+echo "RUN $UPDATE_CERTS_CMD" >> Dockerfile
+echo "ENV DEBIAN_FRONTEND=" >> Dockerfile