After using do-release-upgrade to upgrade Ubuntu to version 14.04.1 I started having the following problem:
root@orac:/root# wget https://www.progclub.org/robots.txt
--2014-11-20 13:49:28-- https://www.progclub.org/robots.txt
Resolving www.progclub.org (www.progclub.org)... 67.207.128.184
Connecting to www.progclub.org (www.progclub.org)|67.207.128.184|:443... connected.
ERROR: cannot verify www.progclub.org's certificate, issued by '/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA’:
Self-signed certificate encountered.
To connect to www.progclub.org insecurely, use `--no-check-certificate'.
To start with I did this:
root@orac:/root# cd /etc/ssl/certs
root@orac:/etc/ssl/certs# mv ssl-cert-snakeoil.pem ../
root@orac:/etc/ssl/certs# cd /etc/ssl/private
root@orac:/etc/ssl/private# mv ssl-cert-snakeoil.key ../
Then I got rid of the symlink(s) for the ssl-cert-snakeoil.pem, e.g.:
root@orac:/etc/ssl# cd /etc/ssl/certs
root@orac:/etc/ssl/certs# ll | grep 'snake'
lrwxrwxrwx 1 root root 21 Jan 10 2012 c8882f98 -> ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 21 Mar 25 2014 c8882f98.0 -> ssl-cert-snakeoil.pem
root@orac:/etc/ssl/certs# mv c8882f98* ../
Then I ran dpkg-reconfigure ca-certificates:
root@orac:/root# dpkg-reconfigure ca-certificates
On the first screen I selected ‘ask’:
┌───────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package may install new CA (Certificate Authority) certificates when upgrading. You may want to │
│ check such new CA certificates and select only certificates that you trust. │
│ │
│ - yes: new CA certificates will be trusted and installed; │
│ - no : new CA certificates will not be installed by default; │
│ - ask: prompt for each new CA certificate. │
│ │
│ Trust new certificates from certificate authorities? │
│ │
│ yes │
│ no │
│ ask │
│ │
│ │
│ │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
On the next screen I unselected everything:
Package configuration
┌────────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package installs common CA (Certificate Authority) certificates in /usr/share/ca-certificates. . │
│ Please select the certificate authorities you trust so that their certificates are installed into │
│ /etc/ssl/certs. They will be compiled into a single /etc/ssl/certs/ca-certificates.crt file. │
│ │
│ Certificates to activate: │
│ │
│ [ ] mozilla/ACEDICOM_Root.crt ↑ │
│ [ ] mozilla/AC_Raíz_Certicámara_S.A..crt ▮ │
│ │
│ │
│ │
│ │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Then I ran dpkg-reconfigure ca-certificates again:
root@orac:/root# dpkg-reconfigure ca-certificates
On the first screen I selected ‘ask’:
┌───────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package may install new CA (Certificate Authority) certificates when upgrading. You may want to │
│ check such new CA certificates and select only certificates that you trust. │
│ │
│ - yes: new CA certificates will be trusted and installed; │
│ - no : new CA certificates will not be installed by default; │
│ - ask: prompt for each new CA certificate. │
│ │
│ Trust new certificates from certificate authorities? │
│ │
│ yes │
│ no │
│ ask │
│ │
│ │
│ │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────────────────┘
On the next screen I selected everything:
Package configuration
┌────────────────────────────────────┤ ca-certificates configuration ├────────────────────────────────────┐
│ This package installs common CA (Certificate Authority) certificates in /usr/share/ca-certificates. . │
│ Please select the certificate authorities you trust so that their certificates are installed into │
│ /etc/ssl/certs. They will be compiled into a single /etc/ssl/certs/ca-certificates.crt file. │
│ │
│ Certificates to activate: │
│ │
│ [*] mozilla/ACEDICOM_Root.crt ↑ │
│ [*] mozilla/AC_Raíz_Certicámara_S.A..crt ▮ │
│ │
│ │
│ │
│ │
└─────────────────────────────────────────────────────────────────────────────────────────────────────────┘
Then magically everything was working again!
root@orac:/root# wget https://www.progclub.org/robots.txt
--2014-11-20 14:35:50-- https://www.progclub.org/robots.txt
Resolving www.progclub.org (www.progclub.org)... 67.207.128.184
Connecting to www.progclub.org (www.progclub.org)|67.207.128.184|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 364 [text/plain]
Saving to: 'robots.txt.1’
100%[=====================================================================>] 364 --.-K/s in 0s
2014-11-20 14:35:51 (8.54 MB/s) - 'robots.txt.1’ saved [364/364]
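The steps above move the hash symlinks for ssl-cert-snakeoil.pem out of /etc/ssl/certs before rebuilding the store. As an added example (not part of the original post), this script lists entries in a certificate directory that do not resolve into a directory managed by ca-certificates, which is how such leftover links can be spotted. The function names, the --system switch and the sample names Example_Root and 0a1b2c3d are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.

# audit_cert_links CERTDIR MANAGED_DIR...
# Prints "name -> resolved target" for every entry in CERTDIR that does not
# resolve into one of the MANAGED_DIRs. Returns 1 if any was found, 2 on error.
audit_cert_links() {
    certdir=$(readlink -f "$1") || return 2
    shift
    found=0
    for entry in "$certdir"/*; do
        # Skip an unmatched glob and the bundle built by update-ca-certificates.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        [ "${entry##*/}" = "ca-certificates.crt" ] && continue
        target=$(readlink -f "$entry") || target="(unresolvable)"
        managed=0
        for dir in "$@"; do
            dir=$(readlink -f "$dir") || continue
            case "$target" in
                "$dir"/*) managed=1; break ;;
            esac
        done
        if [ "$managed" -eq 0 ]; then
            printf '%s -> %s\n' "${entry##*/}" "$target"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample tree mirroring the post: one managed CA (hypothetical
# names) plus the snakeoil file and its hash link. Prints the tree's root.
make_sample() {
    root=$(mktemp -d) && mkdir -p "$root/share/mozilla" "$root/certs" || return 1
    : > "$root/share/mozilla/Example_Root.crt"
    ln -s "$root/share/mozilla/Example_Root.crt" "$root/certs/Example_Root.pem"
    ln -s Example_Root.pem "$root/certs/0a1b2c3d.0"
    : > "$root/certs/ssl-cert-snakeoil.pem"
    ln -s ssl-cert-snakeoil.pem "$root/certs/c8882f98.0"
    echo "$root"
}

# Audit the real store when invoked as: sh audit.sh --system
if [ "${1:-}" = "--system" ]; then
    audit_cert_links /etc/ssl/certs \
        /usr/share/ca-certificates /usr/local/share/ca-certificates
fi
```

Anything it prints is a lead to review rather than proof of a problem: files that other packages place in /etc/ssl/certs are listed as well.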