Certificate verification failures usually indicate outdated CA bundles, clock drift, or TLS interception. Fix root trust first before retrying updates or downloads.
1) Validate system time
timedatectl status
If time is off, TLS validation fails even with correct certificates.
2) Refresh CA certificates
sudo apt update
sudo apt install --reinstall -y ca-certificates
sudo update-ca-certificates
3) Confirm OpenSSL trust path
openssl version -d
ls -l /etc/ssl/certs/ca-certificates.crt
4) Retry failing command with verbose TLS output
This helps identify whether failure is hostname mismatch, unknown issuer, or expired cert.
5) Proxy environments
If your network uses TLS inspection, install org CA correctly into trust store.
Validation Commands
sudo systemctl --failed
sudo journalctl -p err -n 100
uname -a
Further reading: Ubuntu Server Documentation
Related posts: