Ubuntu apt 报错 Certificate verification failed: The certificate is NOT trusted

发表于 分类于 阅读次数: 本文字数: 1.9k 阅读时长 ≈ 2 分钟

问题

使用 Windows 系统安装了 Ubuntu 20.04 wsl1.0 子系统之后,照例进行软件更新,修改为清华源之后,执行 apt update 命令报错:

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification

解决方法

确认配置文件里面使用的是https源(https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/):

1
2
3
4
5
6
7
8
9
10
11
12
13
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-security main restricted universe multiverse

# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse

通过 date 命令,查看时间与当前时间一致,排除时间造成的证书问题。

通过 apt install ca-certificates --reinstall 无法更新安装包。

手动下载 ca-certificates deb 文件重新安装最新版。文件来自:https://pkgs.org/download/ca-certificates

Type URL
Mirror archive.ubuntu.com
Binary Package http://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2_all.deb
Source Package ca-certificates

在终端执行以下命令:

1
2
3
cd /tmp
wget http://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20210119~20.04.2_all.deb
dpkg -i ./ca-certificates_20210119~20.04.2_all.deb

更新最新的包之后,再执行 apt update ,成功完成更新。

来源参考:https://forum.ubuntu.com.cn/viewtopic.php?t=490174#p3217236