Update Root Certificate | “server certificate verification failed” error

When upgrading packages on non-upgraded systems, an error can sometimes occur if old certificates are present:

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt

To renew certificates, do the following:.

Centos:

Install if not:

yum install ca-certificates

And update:

update-ca-trust force-enable

Ubuntu\Debian:

Reconfiguring certificates:

dpkg-reconfigure ca-certificates

Uncheck DST Root CA X3 and execute:

update-ca-certificates

Also, we can add a specific certificate. To do this, run the command:

echo | openssl s_client -showcerts -servername www.example.com -connect example.com:443 2>/dev/null | awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' >> /usr/local/share/ca-certificates/ca-certificates.crt

And update the certificate:

update-ca-certificates

Where: www.example.com and example.com — is the host from which to add the certificate.

If the error appears when updating packages, we simply solve:

Add the following lines to the /etc/apt/apt.conf.d/80ssl-exceptions file:

Acquire::https::Verify-Peer "false"; 
Acquire::https::Verify-Host "false";

Next update:

apt-get update 
apt-get upgrade