最近我尝试https
在 localhost 中添加自己的 ssl 以提供支持,但我无法实现,但现在我收到了所有这些证书错误
使用命令git push
fatal: unable to access 'https://github.com/username/project.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
cat /etc/ssl/certs/ca-certificates.crt
是空白的。
我试过
sudo apt install --reinstall ca-certificates
sudo update-ca-certificates
$ GIT_CURL_VERBOSE=1 git push
* Couldn't find host github.com in the .netrc file; using defaults
* Trying 192.30.253.113...
* TCP_NODELAY set
* Connected to github.com (192.30.253.113) port 443 (#0)
* found 0 certificates in /etc/ssl/certs/ca-certificates.crt
* found 4 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* stopped the pause stream!
* Closing connection 0
在 /etc/ssl/certs/ca-certificates.crt 中找到 0 个证书
我收到证书更新错误sudo apt update
Hit:1 http://np.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://np.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://np.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://np.archive.ubuntu.com/ubuntu bionic-proposed InRelease
Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Ign:6 https://deb.nodesource.com/node_8.x bionic InRelease
Ign:7 http://dl.google.com/linux/chrome/deb stable InRelease
Get:8 http://archive.canonical.com/ubuntu bionic InRelease [10.2 kB]
Hit:9 http://ppa.launchpad.net/hluk/copyq/ubuntu bionic InRelease
Ign:10 https://packages.cloud.google.com/apt cloud-sdk-bionic InRelease
Hit:11 http://dl.google.com/linux/chrome/deb stable Release
Err:12 https://deb.nodesource.com/node_8.x bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 13.33.170.36 443]
Hit:13 http://packages.microsoft.com/repos/vscode stable InRelease
Err:14 https://packages.cloud.google.com/apt cloud-sdk-bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 74.125.68.113 443]
Ign:15 https://download.sublimetext.com apt/stable/ InRelease
Hit:16 http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu bionic InRelease
Ign:17 http://repo.vivaldi.com/stable/deb stable InRelease
Hit:18 http://repo.vivaldi.com/stable/deb stable Release
Hit:19 http://ppa.launchpad.net/ubuntubudgie/backports/ubuntu bionic InRelease
Err:20 https://download.sublimetext.com apt/stable/ Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 104.236.0.104 443]
Reading package lists... Done
W: https://deb.nodesource.com/node_8.x/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.
W: https://packages.cloud.google.com/apt/dists/cloud-sdk-bionic/InRelease: No system certificates available. Try installing ca-certificates.
W: https://deb.nodesource.com/node_8.x/dists/bionic/Release: No system certificates available. Try installing ca-certificates.
W: https://download.sublimetext.com/apt/stable/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://deb.nodesource.com/node_8.x bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.cloud.google.com/apt/dists/cloud-sdk-bionic/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.cloud.google.com/apt cloud-sdk-bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://download.sublimetext.com/apt/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://download.sublimetext.com apt/stable/ Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
[編輯]
cat /etc/ca-certificates.conf
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# Certificates should be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
!mozilla/ACCVRAIZ1.crt
!mozilla/AC_RAIZ_FNMT-RCM.crt
!mozilla/Actalis_Authentication_Root_CA.crt
!mozilla/AddTrust_External_Root.crt
!mozilla/AffirmTrust_Commercial.crt
!mozilla/AffirmTrust_Networking.crt
!mozilla/AffirmTrust_Premium.crt
!mozilla/AffirmTrust_Premium_ECC.crt
!mozilla/Amazon_Root_CA_1.crt
!mozilla/Amazon_Root_CA_2.crt
!mozilla/Amazon_Root_CA_3.crt
!mozilla/Amazon_Root_CA_4.crt
!mozilla/Atos_TrustedRoot_2011.crt
!mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
!mozilla/Baltimore_CyberTrust_Root.crt
!mozilla/Buypass_Class_2_Root_CA.crt
!mozilla/Buypass_Class_3_Root_CA.crt
!mozilla/CA_Disig_Root_R2.crt
!mozilla/CFCA_EV_ROOT.crt
!mozilla/COMODO_Certification_Authority.crt
!mozilla/COMODO_ECC_Certification_Authority.crt
!mozilla/COMODO_RSA_Certification_Authority.crt
!mozilla/Certigna.crt
!mozilla/Certinomis_-_Root_CA.crt
!mozilla/Certplus_Class_2_Primary_CA.crt
!mozilla/Certplus_Root_CA_G1.crt
!mozilla/Certplus_Root_CA_G2.crt
!mozilla/Certum_Trusted_Network_CA.crt
!mozilla/Certum_Trusted_Network_CA_2.crt
!mozilla/Chambers_of_Commerce_Root_-_2008.crt
!mozilla/Comodo_AAA_Services_root.crt
!mozilla/Cybertrust_Global_Root.crt
!mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
!mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
!mozilla/DST_Root_CA_X3.crt
!mozilla/Deutsche_Telekom_Root_CA_2.crt
!mozilla/DigiCert_Assured_ID_Root_CA.crt
!mozilla/DigiCert_Assured_ID_Root_G2.crt
!mozilla/DigiCert_Assured_ID_Root_G3.crt
!mozilla/DigiCert_Global_Root_CA.crt
!mozilla/DigiCert_Global_Root_G2.crt
!mozilla/DigiCert_Global_Root_G3.crt
!mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
!mozilla/DigiCert_Trusted_Root_G4.crt
!mozilla/E-Tugra_Certification_Authority.crt
!mozilla/EC-ACC.crt
!mozilla/EE_Certification_Centre_Root_CA.crt
!mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
!mozilla/Entrust_Root_Certification_Authority.crt
!mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
!mozilla/Entrust_Root_Certification_Authority_-_G2.crt
!mozilla/GDCA_TrustAUTH_R5_ROOT.crt
!mozilla/GeoTrust_Global_CA.crt
!mozilla/GeoTrust_Primary_Certification_Authority.crt
!mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
!mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
!mozilla/GeoTrust_Universal_CA.crt
!mozilla/GeoTrust_Universal_CA_2.crt
!mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
!mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
!mozilla/GlobalSign_Root_CA.crt
!mozilla/GlobalSign_Root_CA_-_R2.crt
!mozilla/GlobalSign_Root_CA_-_R3.crt
!mozilla/Global_Chambersign_Root_-_2008.crt
!mozilla/Go_Daddy_Class_2_CA.crt
!mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
!mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
!mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
!mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
!mozilla/Hongkong_Post_Root_CA_1.crt
!mozilla/ISRG_Root_X1.crt
!mozilla/IdenTrust_Commercial_Root_CA_1.crt
!mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
!mozilla/Izenpe.com.crt
!mozilla/LuxTrust_Global_Root_2.crt
!mozilla/Microsec_e-Szigno_Root_CA_2009.crt
!mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
!mozilla/Network_Solutions_Certificate_Authority.crt
!mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
!mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
!mozilla/OpenTrust_Root_CA_G1.crt
!mozilla/OpenTrust_Root_CA_G2.crt
!mozilla/OpenTrust_Root_CA_G3.crt
!mozilla/QuoVadis_Root_CA.crt
!mozilla/QuoVadis_Root_CA_1_G3.crt
!mozilla/QuoVadis_Root_CA_2.crt
!mozilla/QuoVadis_Root_CA_2_G3.crt
!mozilla/QuoVadis_Root_CA_3.crt
!mozilla/QuoVadis_Root_CA_3_G3.crt
!mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
!mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
!mozilla/SSL.com_Root_Certification_Authority_ECC.crt
!mozilla/SSL.com_Root_Certification_Authority_RSA.crt
!mozilla/SZAFIR_ROOT_CA2.crt
!mozilla/SecureSign_RootCA11.crt
!mozilla/SecureTrust_CA.crt
!mozilla/Secure_Global_CA.crt
!mozilla/Security_Communication_RootCA2.crt
!mozilla/Security_Communication_Root_CA.crt
!mozilla/Sonera_Class_2_Root_CA.crt
!mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
!mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
!mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
!mozilla/Starfield_Class_2_CA.crt
!mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
!mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
!mozilla/SwissSign_Gold_CA_-_G2.crt
!mozilla/SwissSign_Silver_CA_-_G2.crt
!mozilla/T-TeleSec_GlobalRoot_Class_2.crt
!mozilla/T-TeleSec_GlobalRoot_Class_3.crt
!mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
!mozilla/TWCA_Global_Root_CA.crt
!mozilla/TWCA_Root_Certification_Authority.crt
!mozilla/Taiwan_GRCA.crt
!mozilla/TeliaSonera_Root_CA_v1.crt
!mozilla/TrustCor_ECA-1.crt
!mozilla/TrustCor_RootCert_CA-1.crt
!mozilla/TrustCor_RootCert_CA-2.crt
!mozilla/Trustis_FPS_Root_CA.crt
!mozilla/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt
!mozilla/USERTrust_ECC_Certification_Authority.crt
!mozilla/USERTrust_RSA_Certification_Authority.crt
!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
!mozilla/VeriSign_Universal_Root_Certification_Authority.crt
!mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
!mozilla/Visa_eCommerce_Root.crt
!mozilla/XRamp_Global_CA_Root.crt
!mozilla/certSIGN_ROOT_CA.crt
!mozilla/ePKI_Root_Certification_Authority.crt
!mozilla/thawte_Primary_Root_CA.crt
!mozilla/thawte_Primary_Root_CA_-_G2.crt
!mozilla/thawte_Primary_Root_CA_-_G3.crt
答案1
这sudo dpkg-reconfigure ca-certificates
将解决这个问题。
需要选择您想要安装的所有证书颁发机构