Resolving issues with CA certificate verification on Linux 19.3 Tricia
How to resolve CA certificate issues
I recently ran into an issue where certificate verification on my Linux Mint desktop started failing. Some of the errors included apt
failing to perform CA validation.
sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Hit:3 http://ppa.launchpad.net/ansible/ansible/ubuntu bionic InRelease
Hit:4 http://ppa.launchpad.net/remmina-ppa-team/remmina-next/ubuntu bionic InRelease
Get:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Ign:6 http://packages.linuxmint.com tricia InRelease
Get:7 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:8 http://packages.linuxmint.com tricia Release
Get:9 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [306 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [279 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata [2,468 B]
Hit:12 http://archive.canonical.com/ubuntu bionic InRelease
Get:13 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 DEP-11 Metadata [7,968 B]
Get:15 http://security.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [43.8 kB]
Get:16 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [49.2 kB]
Get:17 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2,464 B]
Ign:18 https://download.docker.com/linux/ubuntu bionic InRelease
Err:19 https://download.docker.com/linux/ubuntu bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 13.224.102.65 443]
Reading package lists... Done
W: https://download.docker.com/linux/ubuntu/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/bionic/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://download.docker.com/linux/ubuntu bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I also ran into an issue where curl was failing to validate server and CA certificates.
~ curl https://google.com
curl: (77) error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
To fix issue you will need to update the CA certificate store using update-ca-certificates
program. update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold certificates and generates ca-certificates.crt, a concatenated single-file list of certificates.
To resolve these issues, run the following command on your Linux Mint machine
update-ca-certificates -v
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...