[Infra]: - remove the expired "DST Root CA X3" Let’s Encrypt certificate

         - alternative certificate ("ISRG Root X1") is in place to handle the verification process

Reference: f4pga/f4pga-arch-defs#2290
Explanation: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Co-author: Tim 'mithro' Ansell <[email protected]>
Signed-off-by: Seyed Alireza Damghani <[email protected]>

Author: sdamghan

.github/kokoro/steps/hostsetup.sh

@@ -11,15 +11,24 @@ echo "----------------------------------------"
 
 echo
 echo "========================================"
-echo "Host not verifying certificate name matches server name"
+echo "Update the CA certificates"
 echo "----------------------------------------"
-echo | sudo tee -a /etc/apt/apt.conf.d/80-ignore-ssl-issues <<EOF
-// Do not verify peer certificate
-Acquire::https::Verify-Peer "false";
-// Do not verify that certificate name matches server name
-Acquire::https::Verify-Host "false";
-EOF
+sudo apt-get install -y ca-certificates
 echo "----------------------------------------"
+sudo update-ca-certificates
+echo "----------------------------------------"
+
+echo
+echo "========================================"
+echo "Remove the expired letsencrypt.org cert "
+echo "----------------------------------------"
+sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+echo "----------------------------------------"
+sudo update-ca-certificates
+echo "----------------------------------------"
+wget https://helloworld.letsencrypt.org/ || true
+echo "----------------------------------------"
+
 
 echo
 echo "========================================"