Apt-Get Update Failing because of Certificate Validation

Question

Using Ubuntu Focal fossa. I was trying to install a checkpoint ssl software for VPN, but seems like something messed up all my certificates. Now whenever I try

sudo apt-get update

I get the following errors.

Get:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  InRelease
Ign:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  InRelease
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  Release [564 B]
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  Release [564 B]
Ign:3 https://dl.google.com/linux/chrome/deb stable InRelease
Ign:4 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable InRelease        
Err:5 https://dl.google.com/linux/chrome/deb stable Release                                        
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 74.125.68.91 443]
Ign:6 https://dl.winehq.org/wine-builds/ubuntu focal InRelease                                     
Ign:7 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable InRelease             
Err:8 https://dl.winehq.org/wine-builds/ubuntu focal Release                                       
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.46.217 443]
Ign:9 https://packages.microsoft.com/repos/azure-cli focal InRelease                               
Err:10 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release         
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Ign:11 https://packages.microsoft.com/repos/ms-teams stable InRelease                              
Err:12 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release              
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Err:13 https://packages.microsoft.com/repos/azure-cli focal Release                                
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Ign:14 https://download.docker.com/linux/ubuntu focal InRelease                                    
Ign:15 https://desktop-download.mendeley.com/download/apt stable InRelease                         
Err:16 https://packages.microsoft.com/repos/ms-teams stable Release                                
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Err:17 https://download.docker.com/linux/ubuntu focal Release                                      
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 13.33.33.8 443]
Err:19 https://desktop-download.mendeley.com/download/apt stable Release                           
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 162.159.130.86 443]
Ign:20 https://packagecloud.io/AtomEditor/atom/any any InRelease                                   
Ign:21 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  InRelease       
Err:22 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  Release         
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 152.199.39.144 443]
Hit:23 http://archive.ubuntu.com/ubuntu focal InRelease                                            
Hit:24 http://archive.canonical.com/ubuntu focal InRelease                                         
Ign:25 http://repo.vivaldi.com/stable/deb stable InRelease                                         
Hit:26 http://repo.vivaldi.com/stable/deb stable Release                                           
Hit:27 http://deb.volian.org/volian scar InRelease                                                 
Get:28 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]                           
Hit:29 http://ppa.launchpad.net/alessandro-strada/ppa/ubuntu focal InRelease                       
Err:30 https://packagecloud.io/AtomEditor/atom/any any Release                                     
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 52.52.107.175 443]
Get:31 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]                         
Hit:33 http://ppa.launchpad.net/inkscape.dev/stable/ubuntu focal InRelease                         
Get:34 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]                  
Reading package lists... Done                                        
W: https://dl.google.com/linux/chrome/deb/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://dl.google.com/linux/chrome/deb/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.google.com/linux/chrome/deb stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/azure-cli focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/ms-teams stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://download.docker.com/linux/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://desktop-download.mendeley.com/download/apt stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packagecloud.io/AtomEditor/atom/any any Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

what's the way out, save the nuclear option of reinstalling everything?

N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://deb.volian.org/volian scar InRelease' doesn't support architecture 'i386'

vidarlo · Accepted Answer · 2022-02-14T10:07:54.237

Download the package ca-certificates manually from the Ubuntu repositories. You can download it using wget with wget --no-check-certificate http://security.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2_all.deb
Run dpkg -r --force-depends ca-certificates to remove the old package and eventual files that's without content.
Run dpkg -i ca-certificates_20210119~20.04.2_all.deb to install the package.

This should put you in a more or less clean slate with regards to certificates.

Note to future readers: Don't use the wget command above; go find the up to date package for your version of Ubuntu from packages.ubuntu.com. These things do change.

score 1 · Answer 2 · answered Feb 13 '22 at 09:12

1

This could be solved in different ways as below link:

https://askubuntu.com/questions/1095266/apt-get-update-failed-because-certificate-verification-failed-because-handshake

answered Feb 13 '22 at 09:12

Zareh Kasparian

803

fsrechia · Answer 3 · 2023-08-29T17:46:20.470

In my case the ubuntu repositories were working, but all third-party repos were failing with certificate errors. For instance, virtualbox, teamviewer and brave browser apt repositories presented certificate errors:

Err:1 https://brave-browser-apt-release.s3.brave.com stable InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 108.158.147.42 443]
Err:8 https://download.docker.com/linux/ubuntu jammy InRelease                                                                             
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 52.84.83.46 443]
Err:9 https://linux.teamviewer.com/deb stable InRelease                                                                                    
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 13.227.97.115 443]
Err:10 https://download.virtualbox.org/virtualbox/debian jammy InRelease                                                                   
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 23.40.56.91 443]
Fetched 5.535 B in 18s (306 B/s)                                                                                                           
Reading package lists... Done

I just did the following and it fixed the issue for me:

sudo apt reinstall ca-certificates

This was with Ubuntu 22.04 (jammy).

score 1 · Answer 4 · answered Sep 05 '23 at 13:01

In my case, a certificate linked from /etc/ssl/certs was broken. I found this creating /etc/apt/apt.conf.d/80-ssl-exceptions with line Acquire::https::<server>::CaInfo "/etc/ssl/certs/ca-certificates.crt";. Executing sudo apt update yielded the error message Could not load certificates from /etc/ssl/certs/ca-certificates.crt (CaInfo option): ASN1-Parser: error in implicit tag..

After removing the certificate and reinstalling ca-certificates (sudo apt reinstall ca-certificates) the update process worked.

Gergely Lukacsy · Answer 5 · 2025-05-19T14:12:40.897

If you get the following message:

No system certificates available. Try installing ca-certificates.

I would suggest to check the file permissions on /etc/ssl/certs/ and /etc/ssl/certs/ca-certificates first. If these can be written other than the root user, SSL won't work and thus, the error above will be thrown by apt. (Yes, the error message in this case is totally misleading).

To fix the problem, issue the following commands:

sudo chmod 755 /etc/ssl/
sudo chmod 755 /etc/ssl/certs/
sudo chmod 644 /etc/ssl/certs/ca-certificates.crt

If the problem still persists, you can try the methods posted by others.

bl3ssedc0de · Answer 6 · 2023-06-10T21:12:13.690

ERROR
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake:

I have a clean install debian bullseye 11 on my physical machine and I get the same error when trying to update system #apt update.

The problem is due to the lack of certificates, for me it worked, changing https to http:

nano /etc/apt/sources.list

    deb [trusted=yes] http://deb.debian.org/debian bullseye-updates main contrib non-free
    deb-src [trusted=yes] http://deb.debian.org/debian bullseye-updates main contrib non-free
deb [trusted=yes] http://deb.debian.org/debian bullseye main
deb-src [trusted=yes] http://deb.debian.org/debian bullseye main

deb [trusted=yes] http://security.debian.org/debian-security bullseye-security main
deb-src [trusted=yes] http://security.debian.org/debian-security bullseye-security main

deb [trusted=yes] http://deb.debian.org/debian bullseye-backports main
deb-src [trusted=yes] http://deb.debian.org/debian bullseye-backports main

Then update apt update

Then install the certificates apt install ca-certificates

Verify that the certificates are installed ls /etc/ssl/certs

Then change http to https. nano /etc/apt/sources.list

    deb [trusted=yes] https://deb.debian.org/debian bullseye-updates main contrib non-free
    deb-src [trusted=yes] https://deb.debian.org/debian bullseye-updates main contrib non-free
deb [trusted=yes] https://deb.debian.org/debian bullseye main
deb-src [trusted=yes] https://deb.debian.org/debian bullseye main

deb [trusted=yes] https://security.debian.org/debian-security bullseye-security main
deb-src [trusted=yes] https://security.debian.org/debian-security bullseye-security main

deb [trusted=yes] https://deb.debian.org/debian bullseye-backports main
deb-src [trusted=yes] https://deb.debian.org/debian bullseye-backports main

Now #apt update should NOT give any problems.

score 0 · Answer 7 · edited Sep 09 '24 at 19:00

0

Something is broken in your cert chain locally. You have to reconfigure your ca-certificates:

sudo dpkg-reconfigure ca-certificates

It will ask you which cert you wish to activate in a numbered list and select all the certs so it can configure a new .crt.

run apt update to verify all was accepted.

edited Sep 09 '24 at 19:00

TommyPeanuts

576

answered Aug 31 '24 at 18:52

wakanda4eva

1

Imran AK · Answer 8 · 2025-02-11T07:05:36.023

-1

I had a similar issue while installing npm using apt. This is what I had to do in my DockerFile

RUN apt -o "Acquire::https::registry.npmjs.org::Verify-Peer=false;" install -y npm

If you just want to run sudo apt-get install npm, you could do

apt -o "Acquire::https::Verify-Peer=false" update
apt -o "Acquire::https::registry.npmjs.org::Verify-Peer=false;" install -y npm

edited Feb 11 '25 at 07:05

answered Feb 11 '25 at 07:04

Imran AK

1

Apt-Get Update Failing because of Certificate Validation

8 Answers8

Linked