Issue with some app installs, wget reporting "The certificate is not trusted"

Hi there,

this afternoon we identified an issue which may prevent some installations / upgrade due to a recently expired root CA certificate. As a result, commands like

wget https://fluxbb.org/

may return something like

ERROR: The certificate of ‘fluxbb.org’ is not trusted.
ERROR: The certificate of ‘fluxbb.org’ has expired.

despite the certificate being valid…

Note that:

  • this affect some websites but not others depending on their certificate issuer
  • the command will work on your laptop if it’s reasonably up to date, but won’t work on your yunohost server

There are detailed explanations available here :

A manual fix is to run the following commands on your server:

sudo sed -i 's@^mozilla/AddTrust_External_Root.crt$@#mozilla/AddTrust_External_Root.crt@g' /etc/ca-certificates.conf
sudo update-ca-certificates -f -v 

Debian is expected to release an updated version of ca-certificates in the coming hours / days, which should fix the issue without any manual tinkering.

1 Like