我的ca-certificates.crt的问题

Question

(我在Ubuntu 14.10上。取消命名-r => 3.16.0-31-通用)

apt-获取更新

Failed to fetch https://get.docker.com/ubuntu/dists/docker/main/binary-amd64/Packages  server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none.

git克隆https://github.com/sdelements/lets-chat.git

I can't clone anything - fatal: unable to access 'https://github.com/sdelements/lets-chat.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none.

docker run hello-world

Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority.

ls /etc/ssl/certs/ca-certificates.crt -l

-rw-r--r-- 1 root root 1964 Mar 26 18:19 /etc/ssl/certs/ca-certificates.crt

任何线索都将不胜感激。

Answer 1

我的所有ca证书都在/usr/share/ca- certificates /*中丢失

重新安装软件包将它们放回原处

如果它们在该位置丢失，执行强制重新加载将显示0的0：

更新-ca-证书-f

Clearing symlinks in /etc/ssl/certs...done.  
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.

apt-get install --install-certificates

Preparing to unpack .../ca-certificates_20141019ubuntu0.14.10.1_all.deb ...
Unpacking ca-certificates (20141019ubuntu0.14.10.1) over (20141019ubuntu0.14.10.1) ...
Processing triggers for man-db (2.7.0.2-2) ...
Setting up ca-certificates (20141019ubuntu0.14.10.1) ...
Processing triggers for ca-certificates (20141019ubuntu0.14.10.1) ...
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate Go_Daddy_Class_2_CA.pem
173 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.

Answer 2

另一个原因可能是您的服务器时间:运行date检查您的服务器时间是否正确。如果不是，则运行sudo ntpdate -s ntp.ubuntu.com。错误的服务器时间可能会使ssl证书无效

在我的例子中，我恢复了一个服务器快照。因此，服务器时间仍设置为快照时间。重启可能也会解决这个问题，因为ubuntu会尝试在启动时更新时间。