15

I have an Ubuntu 14.04.5 LTS installation. It just recently became unable to verify modern Let's Encrypt certificates. The current version of ca-certificates is 20160104ubuntu0.14.04.1. apt search ca-certificates tells me that the package is upgradeable to 20170717~14.04.2 from trusty-updates, but I think that's probably not modern enough.

I see ca-certificates version 20210119~18.04.2 in bionic-updates. Is it possible to install this without disrupting the system? Is there a better way? Thanks.

user1389892
  • 161
  • 1
  • 1
  • 4

1 Answers1

16

You can install the latest stable certs from source (you'll need a working wget and unxz or at least a way of copying the uncompressed .tar file or its contents onto your target server (perhaps just scp -r once you've extracted it locally):

# Ensure dependencies
sudo apt -y install make tar xz-utils wget

Make a place to build it in


mkdir -p ~/src
cd ~/src
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz

tar -xJf ca-certificates_20210119~20.04.2.tar.xz


Now build and install


cd ca-certificates-20210119~20.04.1
make
sudo make install


You might want to run this interactively to ensure


you can select the ISRG Root X1


in which case, just run: sudo dpkg-reconfigure ca-certificates


sudo dpkg-reconfigure -fnoninteractive ca-certificates
sudo update-ca-certificates
/usr/bin/c_rehash /etc/ssl/certs
questionto42
  • 274
jaygooby
  • 276