server certificate verification failed. CAfile: /etc/ssl/certs/cacertificates.crt CRLfile: none
Run this commands to update the root certificates of your system:
apt update
apt upgrade
sudo dpkg-reconfigure ca-certificates
- Run this command to download the latest LetsEncrypt root CA certs:
sudo curl -k https://letsencrypt.org/certs/isrgrootx1.pem.txt -o /usr/local/share/ca-certificates/isrgrootx1.crt
sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx1.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx1.crt
sudo curl -k https://letsencrypt.org/certs/letsencryptauthorityx2.pem.txt -o /usr/local/share/ca-certificates/letsencryptauthorityx2.crt
sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx1.crt
sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx2.crt
sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx3.crt
sudo curl -k https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem.txt -o /usr/local/share/ca-certificates/letsencryptx4.crt
- Run this command to reconfigure the cets in your system:
sudo dpkg-reconfigure ca-certificates
- During reconfigure stage, please deselect "DST Root CA X3" certificate.
After these steps, apt update should work for LetsEncrypt based sources and wget and curl should not complain.
Note: curl
-k
parameter allows curl to connect to an 'insecure' SSL server, which is the case, as LetsEncrypt certificate is not trusted.