问题
当我更新 apt 存储库时,我遇到了 HTTPS 存储库“证书验证失败”的问题。例如:
Err:4 https://mirror.transip.net/ubuntu/ubuntu bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 149.210.210.109 443]
Err:10 https://mirror.vorboss.net/ubuntu-archive bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 5.10.147.2 443]
Reading package lists... Done
W: https://mirror.transip.net/ubuntu/ubuntu/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.
所有存储库 (我尝试过的所有存储库) 都存在该问题。
当然,我更新了 ca-certificates,但看起来 apt 没有从 /etc/ssl/certs 读取证书
# update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
133 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
您有什么办法可以解决这个问题吗?
提前致谢 !
测试
我测试了证书是否安装正确。所以我调用了 curl 和 openssl 来测试 HTTPS 存储库
# curl https://mirror.transip.net/ubuntu/ubuntu/dists/bionic/Release
Acquire-By-Hash: yes
# openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect mirror.transip.net:443 < /dev/null
SSL handshake has read 6107 bytes and written 446 bytes
Verification: OK
通过这 2 个测试,我们可以看出证书没有问题
信息
我的操作系统是 Ubuntu 18.04.4 LTS (Bionic Beaver)
答案1
非常奇怪,请尝试重新安装 ca 证书。
sudo apt install --reinstall ca-certificates
如果这不起作用,您可以找到有问题的服务器的文件,并添加 [trusted=yes] 以绕过验证测试,如下所示:
deb [信任=是]https://yaddayadda.com事情在这里发生
答案2
不推荐,但作为一种解决方法,请尝试更改您的 apt/sources.list
从 'deb https://...' 到 'deb http://...'
例如没有's'
这将让 apt 使用标准 http 端口 80 而不是 https 端口 443。