Join Log in
Score:1
Della avatar Server

Apt-Get Update Failing because of Certificate Validation

ke flag
Della

Using Ubuntu Focal fossa. I was trying to install a checkpoint ssl software for VPN, but seems like something messed up all my certificates. Now whenever I try

sudo apt-get update

I get the following errors.

Get:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  InRelease
Ign:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  InRelease
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  Release [564 B]
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22  Release [564 B]
Ign:3 https://dl.google.com/linux/chrome/deb stable InRelease
Ign:4 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable InRelease        
Err:5 https://dl.google.com/linux/chrome/deb stable Release                                        
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 74.125.68.91 443]
Ign:6 https://dl.winehq.org/wine-builds/ubuntu focal InRelease                                     
Ign:7 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable InRelease             
Err:8 https://dl.winehq.org/wine-builds/ubuntu focal Release                                       
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 199.232.46.217 443]
Ign:9 https://packages.microsoft.com/repos/azure-cli focal InRelease                               
Err:10 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release         
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Ign:11 https://packages.microsoft.com/repos/ms-teams stable InRelease                              
Err:12 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release              
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Err:13 https://packages.microsoft.com/repos/azure-cli focal Release                                
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Ign:14 https://download.docker.com/linux/ubuntu focal InRelease                                    
Ign:15 https://desktop-download.mendeley.com/download/apt stable InRelease                         
Err:16 https://packages.microsoft.com/repos/ms-teams stable Release                                
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Err:17 https://download.docker.com/linux/ubuntu focal Release                                      
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 13.33.33.8 443]
Err:19 https://desktop-download.mendeley.com/download/apt stable Release                           
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 162.159.130.86 443]
Ign:20 https://packagecloud.io/AtomEditor/atom/any any InRelease                                   
Ign:21 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  InRelease       
Err:22 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  Release         
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 152.199.39.144 443]
Hit:23 http://archive.ubuntu.com/ubuntu focal InRelease                                            
Hit:24 http://archive.canonical.com/ubuntu focal InRelease                                         
Ign:25 http://repo.vivaldi.com/stable/deb stable InRelease                                         
Hit:26 http://repo.vivaldi.com/stable/deb stable Release                                           
Hit:27 http://deb.volian.org/volian scar InRelease                                                 
Get:28 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]                           
Hit:29 http://ppa.launchpad.net/alessandro-strada/ppa/ubuntu focal InRelease                       
Err:30 https://packagecloud.io/AtomEditor/atom/any any Release                                     
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 52.52.107.175 443]
Get:31 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]                         
Hit:33 http://ppa.launchpad.net/inkscape.dev/stable/ubuntu focal InRelease                         
Get:34 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]                  
Reading package lists... Done                                        
W: https://dl.google.com/linux/chrome/deb/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://dl.google.com/linux/chrome/deb/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.google.com/linux/chrome/deb stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/azure-cli focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/ms-teams stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://download.docker.com/linux/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://desktop-download.mendeley.com/download/apt stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64  Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packagecloud.io/AtomEditor/atom/any any Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

what's the way out, save the nuclear option of reinstalling everything? N: See apt-secure(8) manpage for repository creation and user configuration details. N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://deb.volian.org/volian scar InRelease' doesn't support architecture 'i386'

4567
0 + 0
apt
Score:2
vidarlo avatar Server
ar flag
vidarlo

  1. Download the package ca-certificates manually from the Ubuntu repositories. You can download it using wget with wget --no-check-certificate http://security.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2_all.deb

  2. Run dpkg -r --force-depends ca-certificates to remove the old package and eventual files that's without content.

  3. Run dpkg -i ca-certificates_20210119~20.04.2_all.deb to install the package.

This should put you in a more or less clean slate with regards to certificates.

Note to future readers: Don't use the wget command above; go find the up to date package for your version of Ubuntu from packages.ubuntu.com. These things do change.

0 + 0
Della avatar
ke flag
Della
Thanks, this was the problem. Don't know what messed up with the certificates. Can point me to any reference where I can learn a bit more about the process, what exactly certificates do when updating a system and what's their role in apt-get etc.?
0
Reply
vidarlo avatar
ar flag
vidarlo
CA certificates is pre-distributed trusted certificates. Websites use certificates issued by CA's to authenticate themself to clients. [Wikipedia has some information](https://en.wikipedia.org/wiki/Certificate_authority). VPN's also use certificates, so at some point during installation, something happened. A reinstall of the certificate package solved the situation.
0
Reply
Austin avatar
cn flag
Austin
Hi, this didn't work for me. I still get: Err:3 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. Any idea how to fix?
0
Reply
vidarlo avatar
ar flag
vidarlo
It's a totally different error message end totally different error message. Why would the same solution apply? I suggest you ask a separate question.
0
Reply
Score:0
avatar Server
ps flag
CodeSode

Err:2 https://download.docker.com/linux/ubuntu bionic Release Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 13.249.208.36 4

I am getting this issue in Ubuntu while trying to apt get update. My final intention is to install docker in ubuntu 18.04 bionic. Need help

0 + 0
Score:0
Zareh Kasparian avatar Server
us flag
Zareh Kasparian

This could be solved in different ways as below link:

https://askubuntu.com/questions/1095266/apt-get-update-failed-because-certificate-verification-failed-because-handshake

0 + 0
Score:0
blessed avatar Server
br flag
blessed

ERROR
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake:

I have a clean install debian bullseye 11 on my physical machine and I get the same error when trying to update system #apt update.

The problem is due to the lack of certificates, for me it worked, changing https to http:

nano /etc/apt/sources.list

    deb [trusted=yes] http://deb.debian.org/debian bullseye-updates main contrib non-free
    deb-src [trusted=yes] http://deb.debian.org/debian bullseye-updates main contrib non-free

    deb [trusted=yes] http://deb.debian.org/debian bullseye main
    deb-src [trusted=yes] http://deb.debian.org/debian bullseye main

    deb [trusted=yes] http://security.debian.org/debian-security bullseye-security main
    deb-src [trusted=yes] http://security.debian.org/debian-security bullseye-security main

    deb [trusted=yes] http://deb.debian.org/debian bullseye-backports main
    deb-src [trusted=yes] http://deb.debian.org/debian bullseye-backports main

Then update apt update

Then install the certificates apt install ca-certificates

Verify that the certificates are installed ls /etc/ssl/certs

Then change http to https. nano /etc/apt/sources.list

    deb [trusted=yes] https://deb.debian.org/debian bullseye-updates main contrib non-free
    deb-src [trusted=yes] https://deb.debian.org/debian bullseye-updates main contrib non-free

    deb [trusted=yes] https://deb.debian.org/debian bullseye main
    deb-src [trusted=yes] https://deb.debian.org/debian bullseye main

    deb [trusted=yes] https://security.debian.org/debian-security bullseye-security main
    deb-src [trusted=yes] https://security.debian.org/debian-security bullseye-security main

    deb [trusted=yes] https://deb.debian.org/debian bullseye-backports main
    deb-src [trusted=yes] https://deb.debian.org/debian bullseye-backports main

Now #apt update should NOT give any problems.

+ 1
Rakaim avatar
in flag
Rakaim
This is the most dangerous response on this page, if you choose to do this workaround, you'll need to put in a lot of time bringing the packages from the web into your network securely, and then access that cache instead of using any location on the web, like security.debian.org. This is open to man in the middle attacks.
0
Reply
Score:0
fsrechia avatar Server
ro flag
fsrechia

In my case the ubuntu repositories were working, but all third-party repos were failing with certificate errors. For instance, virtualbox, teamviewer and brave browser apt repositories presented certificate errors:

Err:1 https://brave-browser-apt-release.s3.brave.com stable InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 108.158.147.42 443]
Err:8 https://download.docker.com/linux/ubuntu jammy InRelease                                                                             
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 52.84.83.46 443]
Err:9 https://linux.teamviewer.com/deb stable InRelease                                                                                    
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 13.227.97.115 443]
Err:10 https://download.virtualbox.org/virtualbox/debian jammy InRelease                                                                   
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 23.40.56.91 443]
Fetched 5.535 B in 18s (306 B/s)                                                                                                           
Reading package lists... Done

I just did the following and it fixed the issue for me:

sudo apt reinstall ca-certificates

This was with Ubuntu 22.04 (jammy).

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.