fix the work-around by creating the target directory first

.circleci/config.yml

@@ -148,10 +148,6 @@ jobs:
       # one day someone pushed a bad revision to it and our CI broke.  So now
       # we just pin some recent version.  Who would have thought a floating
       # dependency would cause build instability?
-      #
-      # This pre-release image in particular fixes a problem in the 2.5.1
-      # image where no CA certificates are available.
-      # https://github.com/NixOS/nix/issues/5797
       - image: "nixos/nix:2.5.1"
 
     # Tahoe-LAFS requires more memory than we get from the default resource
@@ -165,7 +161,6 @@ jobs:
       # Let us use features marked "experimental".  For example, most/all of
       # the `nix <subcommand>` forms.
       NIX_CONFIG: "experimental-features = nix-command"
-      # NIX_SSL_CERT_FILE: "/nix/store/dvcalma5h3wd8bbwhj7g9m3yswxm707c-nss-cacert-3.66/etc/ssl/certs/ca-bundle.crt"
 
       # Pin a NixOS 21.11 revision.  Most of the software involved in the
       # build process is pinned by nix/sources.json with niv but a few things
@@ -177,11 +172,21 @@ jobs:
 
     steps:
       - run:
-          name: "Set up Cachix"
+          # Work around a bug in the 2.5.1 Docker image that prevents it from
+          # having any CA certificates to use to validate any certificates it
+          # encounters (and thus makes it incapable of talking to our binary
+          # caches).
+          #
+          # The work-around is from a comment on the issue
+          # https://github.com/NixOS/nix/issues/5797
+          name: "Fix CA Certificates"
           command: |
-            env
             mkdir -p /etc/ssl/certs/
             ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs/
+
+      - run:
+          name: "Set up Cachix"
+          command: |
             nix-env -f $NIXPKGS -iA cachix bash
             cachix use "${CACHIX_NAME}"
             nix path-info --all > /tmp/store-path-pre-build