Let me remove again and try purging, not sure if that will help at all.
show all output from:
apt update
&
apt-get update
Huzzah! Purging fixed it. Now YOU are out of date. My file is bigger than yours. Haha!
-rw-r--r-- 1 root root 202781 Sep 27 11:52 /etc/ssl/certs/ca-certificates.crt
Well that means it has the cert that needs to be removed?
202781
-199113
=======
3668
[sounds about the right size]
Oo, possibly? I'm not getting verification errors anymore though.
Please post here your exact steps [for all to see]
And I will follow along and we can both get back to where we should all be.
apt purge ca-certificates
apt install ca-certificates
I'm not sure if there is a better method, as removing the ca-certificates package also required removing other packages that had it as a dependency.
Oh no!
I get:
The following packages will be REMOVED:
apport* ca-certificates* cloud-init* landscape-common* python3-apport* python3-certifi* python3-httplib2* python3-requests*
python3-requests-unixsocket* snapd* software-properties-common* ssh-import-id* ubuntu-release-upgrader-core* ubuntu-server* update-manager-core*
update-notifier-common*
I had a similar list. In my case I think I only needed one of the packages so I just reinstalled it afterwards.
Yeah this is not an ideal solution for all (yet).
We need to purge ONLY ca-certificates
OR
Force it to actually update
[seems like it wasn't actually doing that]
Agreed.
hmm...
Even after removing that entire list and then (re)installing them all:
-rw-r--r-- 1 root root 199113 Sep 27 15:57 /etc/ssl/certs/ca-certificates.crt
Same size!
Doesn't make any sense.
So even though this seems to have worked in your benefit, I would caution anyone from doing this.
During my troubleshooting I was trying to add certificates manually, so I'm wondering if I have something extra installed that wouldn't normally be there. Still investigating.
Please show outputs:
apt install libgnutls-openssl27
apt install libgnutls30
libgnutls-openssl27 is already the newest version (3.5.18-1ubuntu1.5)
libgnutls30 is already the newest version (3.5.18-1ubuntu1.5)
Ya, I don't know. I had installed some certificates into /usr/local/share/ca-certificates
. After removing them I now get.
-rw-r--r-- 1 root root 200082 Sep 27 12:17 /etc/ssl/certs/ca-certificates.crt
which is smaller than before, but still doesn't match yours.
ls -l /usr/local/share/ca-certificates/