110

Running sudo apt-get update on my AWS EC2 Ubuntu 18.04.01 LTS instance fails:

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown

when trying to access the deb.nodesource.com/node_10.x bionic Release

Here is the result after running sudo apt-get update:

Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Ign:3 https://deb.nodesource.com/node_10.x bionic InRelease
Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Err:5 https://deb.nodesource.com/node_10.x bionic Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: XX.XXX.XX.XX 443]
Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Reading package lists... Done
W: https://deb.nodesource.com/node_10.x/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.
W: https://deb.nodesource.com/node_10.x/dists/bionic/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://deb.nodesource.com/node_10.x bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

It seems like my current installation of Node.js is causing the problem.

I have tried installing and updating ca-certificates in etc/ssl/certs, however, this did not help. I'm not exactly sure how to proceed from here to resolve this issue.

I'm not looking for a quick workaround that would compromise the security of the server.

0

19 Answers

120

I experienced this error trying to add the keys for mongodb-org 4.0 to a docker container running Ubuntu 18.04. There was a problem with the certificates installed in this base image. I managed to fix it by installing ca-certificates:

sudo apt install ca-certificates
12
  • 3
    Thanks - this actually solved the problem without bypassing security.
    – carusot42
    Commented Mar 27, 2020 at 19:42
  • 2
    This should be an accepted answer. Today met the same problem inside of 18.04.* container, installing ca-certificates resolved it. Thanks! Commented Oct 1, 2021 at 8:35
  • 1
    I think the reason this happens is because the root certificates on the Ubuntu are outdated, so upgrading ca-certificates solves it.
    – lucaswxp
    Commented Oct 2, 2021 at 14:06
  • 1
    @lucaswxp Frankly speaking, I don't have the knowledge to know if what you said is the real cause of the problem, but I really appreciate that you are explaining "why" instead of simply doing "how".
    – yaobin
    Commented Oct 15, 2021 at 18:32
  • 1
    For me, I just had to make sure I updated it... sudo apt install --only-upgrade ca-certificates
    – Cobertos
    Commented Oct 22, 2021 at 1:13
36

For those still having this issue, here is a solution which I gleaned from the Ubuntu manpages.

The OP's post indicates a certificate verification error:

Err:5 https://deb.nodesource.com/node_10.x bionic Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: XX.XXX.XX.XX 443]

I was having similar issues on a VM which sits behind a corporate proxy. The proxy acts as a man-in-the-middle, decrypting and re-encrypting traffic as it flows through the proxy. Even though I had the trusted certificate installed on my VM for the proxy, this error was still happening, caused by an invalid OCSP response. To fix it, I ran this command:

touch /etc/apt/apt.conf.d/99verify-peer.conf \
&& echo >>/etc/apt/apt.conf.d/99verify-peer.conf "Acquire { https::Verify-Peer false }"

This disables apt's OCSP verification, and is not recommended.

I chose a different solution, which may not be available to others. Our company maintains a non-decrypting proxy for use cases like this, so I switched to using it.

3
  • 2
    Thank you in advance, it works
    – fajin yu
    Commented Oct 13, 2021 at 2:42
  • Yes, I had the same problem – it was because of company security settings.
    – MC Emperor
    Commented Mar 14, 2023 at 10:32
  • 1
    NOT RECOMMENDED [security purpose] but it's still being a very great explanation Commented Apr 16, 2023 at 2:37
35

You can add [trusted=yes] in the sources.list. For example:

deb [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main
deb-src [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main
5
  • 8
    Hi Mike. I'm still seeing the same error after updating both /etc/apt/sources.list and /etc/apt/sources.list.d/nodesource.list with [trusted=yes] as shown above.
    – Joe
    Commented Nov 23, 2018 at 17:01
  • 2
    sorry for the newbie question, but where is sources list, how do I add trusted=yes, and what does "vivid" mean in this context?
    – schlingel
    Commented Dec 12, 2019 at 8:15
  • 4
    If you are VPNing through somewhere that uses ZScaler or something alike then you may hit this problem too. In my case I had only to turn off the vpn and the update went flawless.
    – Leo
    Commented May 8, 2020 at 8:49
  • @schlingel sources.list.d at /etc/apt/, vivid is the first part of Ubuntu release (version) name.. Commented Nov 17, 2021 at 7:03
  • 1
    not work for me...
    – Linc
    Commented Jun 25, 2022 at 7:33
21

Make sure your date and time are set correctly.

3
  • 1
    This fixed my issue on an old debian system. Commented Jan 18, 2023 at 14:13
  • This fixed the issue for me on Ubuntu 20, arm64 Commented May 16, 2023 at 18:19
  • 1
    On this topic, for my devices having wrong time(s), connecting them to an NTP server fixed this problem.
    – JWCS
    Commented Jul 19, 2023 at 17:09
9

This happened today to me on an old, poorly maintained Ubuntu 16 release.

The first problem was that the sources in /etc/apt were HTTP and not HTTPS, and they had been blocked. The HTTPS links failed verification, which was expected since I believe they use LetsEncrypt and they changed their certification path last October.

But I could not update ca-certificates because they were believed current -- and I could not make apt understand they weren't current because, you know, the update was not working.

So:

  1. Temporarily disable certificate verification by adding

    Acquire { https::Verify-Peer false }
    

    in /etc/apt/apt.conf.d/99verify-peer.conf.

  2. Run apt update to get the new ca-certificates info

  3. Run apt install ca-certificates

  4. Re-enable certificate verification

    Edit the file above and remove the peer-verification bypass. If the file is now empty, you may delete it.

Now everything should mostly work.

I then proceeded to clean the apt cache, and run a full dist-upgrade. This, in turn, unlocked the do-release-upgrade command. It did not work completely on the first time around, I had to run apt-get update again, clean unneeded packages and remove two packages that were conflicted, and update.

After a couple of hours and another release upgrade from 18, I got the system running Ubuntu 20.04-LTS and could reinstall the two missing packages from the previous stage. Everything is okay now.
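Step 4 of the answer above is the one that is easy to forget. As an added example (not part of the original answer), these shell functions list every active apt setting that still turns off TLS peer or host verification, plus the `[trusted=yes]` style source options suggested in another answer; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find apt settings that switch off repository verification,
# so that a temporary bypass is not left behind. Default directory: /etc/apt.

# Print "file:line: text" for active lines that set Verify-Peer or
# Verify-Host to a false value in apt.conf or apt.conf.d/*.
find_tls_bypass() {
    for ftb_file in "${1:-/etc/apt}"/apt.conf "${1:-/etc/apt}"/apt.conf.d/*; do
        [ -f "$ftb_file" ] || continue
        awk -v f="$ftb_file" '
            /^[ \t]*(\/\/|#)/ { next }     # skip comment lines
            tolower($0) ~ /verify-(peer|host)[ \t]+"?(false|no|off|0)/ {
                printf "%s:%d: %s\n", f, NR, $0
            }' "$ftb_file"
    done
}

# Print active deb/deb-src lines carrying trusted=yes or allow-insecure=yes.
# These options skip the archive signature check; they do not affect TLS.
find_unsigned_sources() {
    for fus_file in "${1:-/etc/apt}"/sources.list "${1:-/etc/apt}"/sources.list.d/*.list; do
        [ -f "$fus_file" ] || continue
        awk -v f="$fus_file" '
            /^[ \t]*deb/ && tolower($0) ~ /(trusted|allow-insecure)=yes/ {
                printf "%s:%d: %s\n", f, NR, $0
            }' "$fus_file"
    done
}

# Run both checks; the exit status is 1 when anything was found.
audit_apt() {
    aa_out=$(find_tls_bypass "$1"; find_unsigned_sources "$1")
    if [ -n "$aa_out" ]; then
        printf '%s\n' "$aa_out"
        return 1
    fi
    echo "no verification bypass under ${1:-/etc/apt}"
}

# Demo on a constructed tree (sample files, not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/apt.conf.d" "$demo/sources.list.d"
echo 'Acquire { https::Verify-Peer false }' > "$demo/apt.conf.d/99verify-peer.conf"
echo '// Acquire::https::Verify-Peer "false";' > "$demo/apt.conf.d/50commented.conf"
echo 'deb [trusted=yes] http://ppa.launchpad.net/repo_name/pkg/ubuntu vivid main' \
    > "$demo/sources.list.d/ppa.list"
echo 'deb https://deb.nodesource.com/node_10.x bionic main' \
    > "$demo/sources.list.d/nodesource.list"
audit_apt "$demo" || echo "=> remove these lines once ca-certificates is updated"
rm -rf "$demo"
```

On a real host, `audit_apt /etc/apt` after the ca-certificates upgrade should report nothing.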

5

You can replace https:// with http:// in the setup script using sed.

curl -sL https://deb.nodesource.com/setup_10.x | sed 's|https://|http://|' | sudo -E bash -

This should be used as the last alternative of course.

2
  • 1
    Welp... not recommended... Also, some resources may redirect to HTTP over SSL/TLS anyways on their back-end.
    – Artfaith
    Commented Oct 26, 2021 at 21:48
  • 1
    Thanks that worked for me to change https to http, install apt install ca-certificates and again change http to https. serverfault.com/questions/1093511/… Commented Jun 10, 2023 at 21:07
2

What caused the problem

I was originally trying to install Node.js on Ubuntu 18.04.01 LTS via PPA and curl via:

curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh

However, running this command generated a nodesource.list file in etc/apt/sources.list.d/ with the following contents:

deb https://deb.nodesource.com/node_10.x xenial main
deb-src https://deb.nodesource.com/node_10.x xenial main

So when running sudo apt update these sources could not be trusted via SSL handshake, which caused the update to fail.

How I fixed it

  1. Navigated to /etc/apt/nodesource.list.d
  2. Removed nodesource.list file from the system with

    sudo rm nodesource.list

  3. Purged the system of any current Node.js installation with

    sudo apt-get purge nodejs

    sudo apt-get autoremove

  4. Installed the Distro-Stable Version of Node.js for Ubuntu with:

    sudo apt update

    sudo apt install nodejs

    sudo apt install npm

2
  • "So when running ... these sources could not be trusted via SSL handshake": Why could they not be trusted? Commented Apr 20, 2019 at 13:47
  • @BlenderBender At the time this error happened, I couldn't find the root cause as to why these sources could not be trusted.
    – Joe
    Commented May 23, 2019 at 14:35
2

I was facing the same error on WSL2 Ubuntu and tried to install ca-certificates with no luck, as it was already installed.

Then I updated /etc/apt/sources.list to use the global servers, updated Apt, and now it works. After upgrading, I saw some updates were made in the /etc/ssl/certs directory; new certificates.

Out of curiosity, I changed sources.list file to use the mirror servers again, and everything works.

1
  • can you tell me the global servers and how did you updated /etc/apt/source.list file?
    – cloudcop
    Commented Mar 22, 2022 at 20:48
2

This error can be caused by not having the certs in /etc/ssl/certs world-readable. I ran into this after restoring my certs from a backup: for me, the /etc/ssl directory itself was set to 750 instead of 755, making its contents unreadable except to root.

Try these commands if you're having trouble and reinstalling ca-certificates doesn't help:

sudo chmod 755 /etc /etc/ssl /etc/ssl/certs
sudo chmod 644 /etc/ssl/certs/ca-certificates.crt
2
  • 1
    And you're exactly right, sir! Kudos for posting. Was super-puzzled by seeing the relevant CA roots present in the ca bundle, browser/curl/openssl s_client verifying no problem — but apt acting up. Turned out, a cert issuing script I used before on this machine, set /etc/ssl/certs to 750. Best wishes
    – ulidtko
    Commented Jan 6, 2023 at 14:27
  • This solved my problem! Commented Jan 30 at 5:12
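apt fetches over HTTPS as the unprivileged `_apt` user, which is why a root-only `/etc/ssl` breaks apt while tools run by root or by the file's owner still verify fine. As an added example (not part of the original answer), this function walks from the CA bundle up through its parent directories and reports every component that users outside the owner and group cannot use; the function names, the optional stop-directory argument and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report path components of the CA bundle that are closed
# to "other" users. Only mode bits are inspected, so it also works as root.

# "r-x"-style permission triplet for "other", following symlinks.
others_perms() {
    ls -ldL "$1" | cut -c8-10
}

# check_ca_path <bundle> [stop_dir]
# Walks from the bundle up to stop_dir (default /). Directories need the
# search bit (x) for others, the bundle itself needs the read bit (r).
# Exit status: 0 all fine, 1 at least one component is closed, 2 path missing.
check_ca_path() {
    ccp_cur=$1
    ccp_stop=${2:-/}
    ccp_bad=0
    while :; do
        if [ ! -e "$ccp_cur" ]; then
            echo "$ccp_cur: does not exist"
            return 2
        fi
        ccp_perm=$(others_perms "$ccp_cur")
        if [ -d "$ccp_cur" ]; then
            case $ccp_perm in
                ??[xt]) ;;
                *) echo "$ccp_cur: directory not searchable by others ($ccp_perm)"
                   ccp_bad=1 ;;
            esac
        else
            case $ccp_perm in
                r??) ;;
                *) echo "$ccp_cur: file not readable by others ($ccp_perm)"
                   ccp_bad=1 ;;
            esac
        fi
        if [ "$ccp_cur" = "$ccp_stop" ] || [ "$ccp_cur" = "/" ]; then
            break
        fi
        ccp_cur=$(dirname "$ccp_cur")
    done
    return "$ccp_bad"
}

# Demo on a constructed tree that reproduces the 750 mode from the answer.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssl/certs"
: > "$demo/etc/ssl/certs/ca-certificates.crt"
chmod 755 "$demo/etc" "$demo/etc/ssl/certs"
chmod 750 "$demo/etc/ssl"
chmod 644 "$demo/etc/ssl/certs/ca-certificates.crt"
check_ca_path "$demo/etc/ssl/certs/ca-certificates.crt" "$demo/etc" \
    || echo "=> fix the modes listed above (755 for directories, 644 for the bundle)"
rm -rf "$demo"
```

On a real host, call `check_ca_path /etc/ssl/certs/ca-certificates.crt` with no second argument so the walk continues up to `/`.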
2

To summarize all the responses above, there are 3 possibilities:

1/ ca-certificates are not installed. Solution:

apt install -y ca-certificates

But you say they are. So for you, that should not be an answer.

2/ disable https check (https::Verify-Peer). Solution: add this to /etc/apt/conf.d/

Acquire { https::Verify-Peer false }

but that reduces your security.

3/ find the certificate of your server and add it

1
  • 2
    This adds no value Commented May 16, 2023 at 2:43
2

This fixed it for me:

sudo dpkg-reconfigure tzdata
sudo date -s "$(wget -qSO- --max-redirect=0 google.com 2>&1 | grep Date: | cut -d' ' -f5-8)Z"
sudo apt update
sudo apt upgrade ca-certificates --fix-missing

Credits to:

1

This issue can also occur due to corrupt cache. I resolved this by:

sudo apt clean

then

sudo apt update

then

sudo apt upgrade
1
  • thanks, this helped Commented Oct 21, 2021 at 14:00
1

I met the same problem;
here is the fix (attempt), step by step.

// based on caffeinated.tech's answer,
// I guess something broke my ca-certificates package.

1. mirror 1

sudo apt-get update
Ign:1 https://mirrors.ustc.edu.cn/ubuntu focal InRelease
Ign:2 https://mirrors.ustc.edu.cn/ubuntu focal-updates InRelease
Hit:3 http://dl.google.com/linux/chrome/deb stable InRelease                                     
Ign:4 https://mirrors.ustc.edu.cn/ubuntu focal-backports InRelease                                               
Ign:5 https://mirrors.ustc.edu.cn/ubuntu focal-security InRelease                                                 
Ign:6 https://mirrors.ustc.edu.cn/ubuntu focal-proposed InRelease           
Hit:7 http://ppa.launchpad.net/jgmath2000/et/ubuntu focal InRelease
Err:8 https://mirrors.ustc.edu.cn/ubuntu focal Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 218.104.71.170 443]
Err:9 https://mirrors.ustc.edu.cn/ubuntu focal-updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 218.104.71.170 443]
Err:10 https://mirrors.ustc.edu.cn/ubuntu focal-backports Release                                       
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 218.104.71.170 443]
Err:11 https://mirrors.ustc.edu.cn/ubuntu focal-security Release                                        
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 218.104.71.170 443]
Err:12 https://mirrors.ustc.edu.cn/ubuntu focal-proposed Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 218.104.71.170 443]
Hit:13 http://ppa.launchpad.net/libretro/stable/ubuntu focal InRelease
Reading package lists... Done
E: The repository 'https://mirrors.ustc.edu.cn/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.ustc.edu.cn/ubuntu focal-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.ustc.edu.cn/ubuntu focal-backports Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.ustc.edu.cn/ubuntu focal-security Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.ustc.edu.cn/ubuntu focal-proposed Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

2. mirror 2

 sudo apt-get update
Ign:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal InRelease
Ign:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates InRelease        
Ign:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-backports InRelease      
Ign:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-security InRelease       
Err:5 http://dl.google.com/linux/chrome/deb stable InRelease
  Something wicked happened resolving 'dl.google.com:http' (-5 - No address associated with hostname)
Err:6 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal Release                    
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]
Hit:7 http://ppa.launchpad.net/jgmath2000/et/ubuntu focal InRelease                
Err:8 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]
Err:9 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-backports Release
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]
Err:10 https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-security Release                                      
  Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate.  Could not handshake: Error in the certificate verification. [IP: 101.6.15.130 443]
Hit:11 http://ppa.launchpad.net/libretro/stable/ubuntu focal InRelease                                         
Reading package lists... Done                                
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-backports Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu focal-security Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

3. official

sudo apt update
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease                                                                                           
Hit:3 http://cn.archive.ubuntu.com/ubuntu focal InRelease           
Hit:4 http://ppa.launchpad.net/jgmath2000/et/ubuntu focal InRelease
Hit:5 http://cn.archive.ubuntu.com/ubuntu focal-updates InRelease        
Hit:6 http://ppa.launchpad.net/libretro/stable/ubuntu focal InRelease    
Reading package lists... Done
Building dependency tree       
Reading state information... Done
39 packages can be upgraded. Run 'apt list --upgradable' to see them.

4. install ca-certificates

sudo apt install ca-certificates 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  gir1.2-evince-3.0 libllvm11 libmusicbrainz5-2 linux-headers-5.8.0-43-generic linux-hwe-5.8-headers-5.8.0-43 linux-image-5.8.0-43-generic linux-modules-5.8.0-43-generic
  linux-modules-extra-5.8.0-43-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  ca-certificates
1 upgraded, 0 newly installed, 0 to remove and 39 not upgraded.
Need to get 145 kB of archives.
After this operation, 1,024 B disk space will be freed.
Get:1 http://cn.archive.ubuntu.com/ubuntu focal-updates/main amd64 ca-certificates all 20210119~20.04.2 [145 kB]
Fetched 145 kB in 2s (87.6 kB/s)          
Preconfiguring packages ...
(Reading database ... 363632 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20210119~20.04.2_all.deb ...
Unpacking ca-certificates (20210119~20.04.2) over (20210119~20.04.1) ...
Setting up ca-certificates (20210119~20.04.2) ...
Updating certificates in /etc/ssl/certs...
0 added, 1 removed; done.
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for ca-certificates (20210119~20.04.2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

// here I found ca-certificates was upgraded,
// which was not found before (maybe something broke the old package)

5. mirror 1, again

sudo apt update
Hit:1 https://mirrors.ustc.edu.cn/ubuntu focal InRelease
Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 https://mirrors.ustc.edu.cn/ubuntu focal-updates InRelease
Hit:4 https://mirrors.ustc.edu.cn/ubuntu focal-backports InRelease
Hit:5 https://mirrors.ustc.edu.cn/ubuntu focal-security InRelease
Hit:6 https://mirrors.ustc.edu.cn/ubuntu focal-proposed InRelease
Hit:7 http://ppa.launchpad.net/jgmath2000/et/ubuntu focal InRelease
Hit:8 http://ppa.launchpad.net/libretro/stable/ubuntu focal InRelease
Reading package lists... Done
Building dependency tree       
Reading state information... Done
55 packages can be upgraded. Run 'apt list --upgradable' to see them.

this time it worked.

1

touch /etc/apt/apt.conf.d/99verify-peer.conf \
&& echo >>/etc/apt/apt.conf.d/99verify-peer.conf "Acquire { https::Verify-Peer false }"

Will disable Cert verification, and no error will be generated.

0
0

I have encountered a problem that is similar to yours, with the Ubuntu Server installed in a VM, but the underlying cause should be different. I put out the problem description and the solution in case that someone who encountered the same problem reaches here.

Brief Summary: The similar problem is caused by the network condition of our office. When the problem occurs, I used a bridged network for Internet access. After changing the VM network setting to the normal NAT, the problem is mitigated.

Background: I have installed Ubuntu Server LTS 18.04.3 with VMWare Player. After the installation is completed, I have used the VM for several days, including upgrading the system with sudo apt update|upgrade and install new applications with sudo apt install <appname>.

Problem: After a weekend, I reopened the VM and wanted to install some new software. So I first tried to update the repository information with sudo apt update to see if there was anything upgradable. However, after executing this command, I got the following results:

gary@ubuntu-vm:~$ sudo apt update
Ign:1 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic InRelease
Ign:2 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates InRelease
Ign:3 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports InRelease
Ign:4 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security InRelease
Err:5 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:6 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:7 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Err:8 https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 101.6.8.193 443]
Reading package lists... Done
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-backports Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu bionic-security Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

which is similar to the asked problem (e.g., Ign:3 and Err:5), but not the same.

Solution: I have searched the related topics on Google, and many said that the problem is caused by incorrect configuration of certificates. However, I should never change any certificate configuration after installation of the system. Besides, avoiding certificates authentication should not be a regular routine.

To make sure that I did not change related configurations, I reinstall the system. I found that the installation cannot be completed, with the error log similar to the above one. After finding this, I guess that this problem should be caused by the network connection problem, as in this point there is no configuration made to the system.

Therefore, I checked the configuration of the VM instance, and found that this VM uses a bridged network rather than NAT. So I changed the network setting to NAT, which is usually the default network setting, then everything returns to normal!

After that, I recalled that when I first install the VM, I connect my computer to another computer to share the network (using NAT at the second computer). Later, I have my own network connection and I want the VM direct access to the physical network, so I changed the VM network setting to a bridged network, which then caused the problem (It's simply a network connection problem, because the physical network require authentication for network connection, while the VM does not have the credentials).

0

Try and update the GNU TLS-related packages.
I had the same problem with Ubuntu 16.04 LTS and the sublimetext APT repository, among others:

server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

I had tried all the proposed solutions to no avail.
The funny thing is that if I ran echo "" | gnutls-cli download.sublimetext.com -p 443 from another computer, the certificate was accepted, so I know it had to be a client problem.
Then, almost by chance, I checked the pending updates in Software Updater and there were two GNU TLS packages.
I updated them and magically all the errors disappeared. I don't remember the package names exactly but here are all the TLS libraries installed on my machine:

ii  gnutls-bin                        3.4.10-4ubuntu1.9     amd64                 GNU TLS library - commandline utilities
ii  libcurl3-gnutls:amd64             7.47.0-1ubuntu2.19    amd64                 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii  libgnutls-dev:amd64               3.4.10-4ubuntu1.9     amd64                 GNU TLS library - development files
ii  libgnutls-openssl27:amd64         3.4.10-4ubuntu1.9     amd64                 GNU TLS library - OpenSSL wrapper
ii  libgnutls28-dev:amd64             3.4.10-4ubuntu1.9     amd64                 dummy transitional package for GNU TLS library - development files
ii  libgnutls30:amd64                 3.4.10-4ubuntu1.9     amd64                 GNU TLS library - main runtime library
ii  libgnutlsxx28:amd64               3.4.10-4ubuntu1.9     amd64                 GNU TLS library - C++ runtime library
ii  libneon27-gnutls:amd64            0.30.1-3build1        amd64                 HTTP and WebDAV client library (GnuTLS enabled)
0

This answer points apt-get at a custom cert store by using a config file and setting the APT_CONFIG environment variable to point at this new file.

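# Write an apt config that points HTTPS verification at a custom CA bundle
echo 'Acquire::https {
        CaInfo "/cacert.pem";
}' > /apt.conf
# Export the variable so apt-get, run as a child process, sees it
export APT_CONFIG=/apt.conf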
-2

In my case, I moved to nvm installation steps... as the third party instance was not able to resolve this error, and I did not have sudo rights and other permissions in brief.

referred this URL for nvm steps ... https://linuxize.com/post/how-to-install-node-js-on-ubuntu-18.04/

0
-2

Err:14 https://apt.llvm.org/bionic llvm-toolchain-bionic-11 Release
Certificate verification failed: The certificate is NOT trusted. The revocation or OCSP data are old and have been superseded. Could not handshake: Error in the certificate verification.

Time zone and date in Ubuntu were configured manually. Browser was set to sync with Ubuntu. This caused the error "The revocation or OCSP data are old and have been superseded". Set time and date to auto update. Works fine.

1
  • This is not an answer to the question. Commented Apr 19, 2023 at 15:38
