[Preseeding] Own mirror with LetsEncrypt-Cert not accepted

fx919
Posts: 1
Joined: 2024-04-12 18:43

#1 Post by fx919 »

Hi,

I built a custom Debian installer based on the official Debian 12.5.0 amd64 netinstall iso. I furthermore use a preseed.cfg to use this local mirror. The mirror is redirecting http traffic to https and is using a LetsEncrypt-Certificate. When the installation runs, I get Certificate Errors like this:

Code:

# doing this in the installer on a terminal (same errors as the installer writes into syslog):

chroot /target
apt-get update
...
Certificate Verification Failed. The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Fehler in der Verifzierung des Zertifikates [IP: x.x.x.x 443]
...
No system certificates available. Try install ca-certificates.

The unattended install works with official Debian mirrors via https (no LetsEncrypt certificates seem to be used there).

My preseed-settings for the mirror:

Code:

# grep mirror preseed.cfg 

d-i mirror/country string manual
d-i mirror/protocol string http
d-i mirror/http/hostname string akira.debian.mydomain.de
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i mirror/udeb/suite string stable
d-i mirror/suite string stable

It seems the Debian Installer hasn't got ca-certificates. Interestingly, when I omit the mirror settings and put in my mirror manually when asked by the installer, the mirror is accepted without any warning. Actually I use plain http as a workaround, meaning I removed the redirect from http to https at the webserver of the mirror.

Is there a simple way to get the installer to accept the certificate or to add ca-certificates to the install system?
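
A check for the condition apt reports above ("No system certificates available"), as an added example that is not part of the original post: it counts the CA certificates in a root filesystem's trust bundle and lists the mirrors apt is configured to use. The function names and the bundle path /etc/ssl/certs/ca-certificates.crt (where the ca-certificates package writes its bundle) are assumptions of this example, and the demo root at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: apt's HTTPS transport trusts
# the bundle ca-certificates writes to /etc/ssl/certs/ca-certificates.crt.

# count_ca_certs ROOT: print the number of PEM certificates in ROOT's bundle.
count_ca_certs() {
    bundle="$1/etc/ssl/certs/ca-certificates.crt"
    if [ -r "$bundle" ]; then
        # grep -c exits 1 on zero matches but still prints 0
        grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true
    else
        echo 0
    fi
}

# list_mirror_uris ROOT: print the URIs of ROOT's one-line-style apt sources.
list_mirror_uris() {
    for f in "$1/etc/apt/sources.list" "$1"/etc/apt/sources.list.d/*.list; do
        [ -r "$f" ] || continue
        # The URI is the first scheme://... field after deb/deb-src; any
        # [option=value] fields before it are skipped.
        awk '$1 == "deb" || $1 == "deb-src" {
                 for (i = 2; i <= NF; i++)
                     if ($i ~ /^[a-z+]+:\/\//) { print $i; break }
             }' "$f"
    done | sort -u
}

# check_target ROOT: return 0 if ROOT has a non-empty trust store, else 1.
check_target() {
    root="${1:-/target}"
    n=$(count_ca_certs "$root")
    echo "mirrors: $(list_mirror_uris "$root" | tr '\n' ' ')"
    if [ "$n" -gt 0 ]; then
        echo "trust store: $n CA certificates"
        return 0
    fi
    echo "trust store: empty or missing, so no server certificate can be verified"
    return 1
}

# Constructed demo: a fake target root with the post's mirror and no CA bundle.
demo=$(mktemp -d)
mkdir -p "$demo/etc/apt"
echo 'deb http://akira.debian.mydomain.de/debian stable main' > "$demo/etc/apt/sources.list"
check_target "$demo" || echo "result: same condition as apt's 'No system certificates available'"
rm -rf "$demo"
```

From the installer's terminal the equivalent call is `check_target /target`; a mirror listed as http:// still needs the trust store when the web server redirects it to https, as described in the post.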
