After using do-release-upgrade to upgrade Ubuntu to version 14.04.1 I started having the following problem:
root@orac:/root# wget https://www.progclub.org/robots.txt --2014-11-20 13:49:28-- https://www.progclub.org/robots.txt Resolving www.progclub.org (www.progclub.org)... 67.207.128.184 Connecting to www.progclub.org (www.progclub.org)|67.207.128.184|:443... connected. ERROR: cannot verify www.progclub.org's certificate, issued by '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA’: Self-signed certificate encountered. To connect to www.progclub.org insecurely, use `--no-check-certificate'.
To start with I did this:
root@orac:/root# cd /etc/ssl/certs root@orac:/etc/ssl/certs# mv ssl-cert-snakeoil.pem ../ root@orac:/etc/ssl/certs# cd /etc/ssl/private root@orac:/etc/ssl/private# mv ssl-cert-snakeoil.key ../
Then I got rid of the symlink(s) for the ssl-cert-snakeoil.pem, e.g.:
root@orac:/etc/ssl# cd /etc/ssl/certs root@orac:/etc/ssl/certs# ll | grep 'snake' lrwxrwxrwx 1 root root 21 Jan 10 2012 c8882f98 -> ssl-cert-snakeoil.pem lrwxrwxrwx 1 root root 21 Mar 25 2014 c8882f98.0 -> ssl-cert-snakeoil.pem root@orac:/etc/ssl/certs# mv c8882f98* ../
Then I ran: dpkg-reconfigure ca-certificates:
root@orac:/root# dpkg-reconfigure ca-certificates
On the first screen I selected ‘ask’:
┌───────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐ │ This package may install new CA (Certificate Authority) certificates when upgrading. You may want to │ │ check such new CA certificates and select only certificates that you trust. │ │ │ │ - yes: new CA certificates will be trusted and installed; │ │ - no : new CA certificates will not be installed by default; │ │ - ask: prompt for each new CA certificate. │ │ │ │ Trust new certificates from certificate authorities? │ │ │ │ yes │ │ no │ │ ask │ │ │ │ │ ││ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────┘
On the next screen I unselected everything:
Package configuration
┌────────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package installs common CA (Certificate Authority) certificates in /usr/share/ca-certificates. . │
│ Please select the certificate authorities you trust so that their certificates are installed into │
│ /etc/ssl/certs. They will be compiled into a single /etc/ssl/certs/ca-certificates.crt file. │
│ │
│ Certificates to activate: │
│ │
│ [ ] mozilla/ACEDICOM_Root.crt ↑ │
│ [ ] mozilla/AC_Raíz_Certicámara_S.A..crt ▮ │
│ │
│ │
│ │
│ │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Then I ran: dpkg-reconfigure ca-certificates again:
root@orac:/root# dpkg-reconfigure ca-certificates
On the first screen I selected ‘ask’:
┌───────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐ │ This package may install new CA (Certificate Authority) certificates when upgrading. You may want to │ │ check such new CA certificates and select only certificates that you trust. │ │ │ │ - yes: new CA certificates will be trusted and installed; │ │ - no : new CA certificates will not be installed by default; │ │ - ask: prompt for each new CA certificate. │ │ │ │ Trust new certificates from certificate authorities? │ │ │ │ yes │ │ no │ │ ask │ │ │ │ │ ││ │ │ └────────────────────────────────────────────────────────────────────────────────────────────────────────┘
On the next screen I selected everything:
Package configuration
┌────────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package installs common CA (Certificate Authority) certificates in /usr/share/ca-certificates. . │
│ Please select the certificate authorities you trust so that their certificates are installed into │
│ /etc/ssl/certs. They will be compiled into a single /etc/ssl/certs/ca-certificates.crt file. │
│ │
│ Certificates to activate: │
│ │
│ [*] mozilla/ACEDICOM_Root.crt ↑ │
│ [*] mozilla/AC_Raíz_Certicámara_S.A..crt ▮ │
│ │
│ │
│ │
│ │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Then magically everything was working again!
root@orac:/root# wget https://www.progclub.org/robots.txt --2014-11-20 14:35:50-- https://www.progclub.org/robots.txt Resolving www.progclub.org (www.progclub.org)... 67.207.128.184 Connecting to www.progclub.org (www.progclub.org)|67.207.128.184|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 364 [text/plain] Saving to: 'robots.txt.1’ 100%[=====================================================================>] 364 --.-K/s in 0s 2014-11-20 14:35:51 (8.54 MB/s) - 'robots.txt.1’ saved [364/364]