🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

HTTPS connections fail with certificate verify errors for apt, curl, or application clients.

Environment & Reproduction

Ubuntu 18.04 instances with stale ca-certificates or enterprise TLS interception misconfiguration.

Root Cause Analysis

Outdated trust store, missing intermediate CA, or incorrect custom root deployment causes chain validation failure.

Quick Triage

Test with openssl s_client and verify package ca-certificates version via apt policy.

Step-by-Step Diagnosis

Inspect /etc/ssl/certs, check custom cert files in /usr/local/share/ca-certificates, and identify chain gaps.

Illustrative mockup for ubuntu-18-04-lts — ubuntu1804-ca-certificates-diagnose.webp
Checking trust store and TLS chain errors — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Update ca-certificates package with apt, add required enterprise roots, then run update-ca-certificates.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-18-04-lts — ubuntu1804-ca-certificates-fix.webp
Updating CA bundles and repairing HTTPS trust — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Pin service endpoints to valid internal PKI and rotate certificates where expired intermediates are still in use.

Verification & Acceptance Criteria

curl and apt over HTTPS succeed without insecure flags and certificate validation errors disappear.

Rollback Plan

Remove newly added custom CA files and restore previous trust bundle backup if trust policy was over-broadened.

Prevention & Hardening

Track certificate lifecycle, automate CA bundle updates, and document enterprise root distribution procedures.

SSL certificate problem unable to get local issuer certificate and x509 unknown authority.

Related tutorial: View the step-by-step tutorial for Ubuntu 18.04 LTS.

View all Ubuntu 18.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

man update-ca-certificates, OpenSSL verification docs, and Ubuntu security package updates.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.