Hi!
The SysV init script should not be used on a system that is running
systemd. It is there to be used on non-systemd Debian installations
only (kfreebsd, hurd). If you have enabled this on a systemd based
system, please disable it.
On systemd based systems the proper way is to use the fetch-crl systemd
timer unit. This is activated using:
systemctl enable fetch-crl.timer
systemctl start fetch-crl.timer
There is also a fetch-crl systemd service unit. This is only intended
to be run when the timer unit is triggered, and can not be enabled on
its own - the unit files does not have an install section by design.
The issue with missing certificates would better be addressed by
updating the igtf-policy packages (if you are using them).
Unfortunately, due to the freeze for the upcoming release, this package
is not up to date in Debian and still contains references to an old
discontinued CA that was removed from later upstream releases.
If the discontinued CA (INFN-CA-2015) causes issued for you, you can
reconfigure igtf-policy-classic to exclude it.
See /usr/share/doc/igtf-policy-classic/README.Debian
Let me know if this addresses your issues.
Mattias Ellert
tor 2021-07-15 klockan 13:22 +0200 skrev Carl-Fredrik Enell: