Ubuntu 18.04 apt 更新因 https 存储库而失败

Ubuntu 18.04 apt 更新因 https 存储库而失败

问题

当我更新 apt 存储库时,我遇到了 HTTPS 存储库“证书验证失败”的问题。例如:

Err:4 https://mirror.transip.net/ubuntu/ubuntu bionic Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 149.210.210.109 443]
Err:10 https://mirror.vorboss.net/ubuntu-archive bionic Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 5.10.147.2 443]
Reading package lists... Done
W: https://mirror.transip.net/ubuntu/ubuntu/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.

所有存储库 (我尝试过的所有存储库) 都存在该问题。

当然,我更新了 ca-certificates,但看起来 apt 没有从 /etc/ssl/certs 读取证书

# update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
133 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

您有什么办法可以解决这个问题吗?

提前致谢 !

测试

我测试了证书是否安装正确。所以我调用了 curl 和 openssl 来测试 HTTPS 存储库

# curl https://mirror.transip.net/ubuntu/ubuntu/dists/bionic/Release
Acquire-By-Hash: yes
# openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect mirror.transip.net:443 < /dev/null
SSL handshake has read 6107 bytes and written 446 bytes
Verification: OK

通过这 2 个测试,我们可以看出证书没有问题

信息

我的操作系统是 Ubuntu 18.04.4 LTS (Bionic Beaver)

答案1

非常奇怪,请尝试重新安装 ca 证书。

sudo apt install --reinstall ca-certificates

如果这不起作用,您可以找到有问题的服务器的文件,并添加 [trusted=yes] 以绕过验证测试,如下所示:

deb [信任=是]https://yaddayadda.com事情在这里发生

答案2

不推荐,但作为一种解决方法,请尝试更改您的 apt/sources.list

从 'deb https://...' 到 'deb http://...'

例如没有's'

这将让 apt 使用标准 http 端口 80 而不是 https 端口 443。

相关内容