Update Root Certificate | “server certificate verification failed” error
When upgrading packages on non-upgraded systems, an error can sometimes occur if old certificates are present:
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt
To renew certificates, do the following:.
Centos:
Install if not:
yum install ca-certificates
And update:
update-ca-trust force-enable
Ubuntu\Debian:
Reconfiguring certificates:
dpkg-reconfigure ca-certificates
Uncheck DST Root CA X3
and execute:
update-ca-certificates
Also, we can add a specific certificate. To do this, run the command:
echo | openssl s_client -showcerts -servername www.example.com -connect example.com:443 2>/dev/null | awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' >> /usr/local/share/ca-certificates/ca-certificates.crt
And update the certificate:
update-ca-certificates
Where: www.example.com and example.com — is the host from which to add the certificate.
If the error appears when updating packages, we simply solve:
Add the following lines to the /etc/apt/apt.conf.d/80ssl-exceptions
file:
Acquire::https::Verify-Peer "false";
Acquire::https::Verify-Host "false";
Next update:
apt-get update
apt-get upgrade