🟡 Medium   ⏱ 5–30 min  Last verified: 20 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

apt update fails for HTTPS repositories with certificate verification errors, blocking updates and installs.

Environment & Reproduction

Ubuntu 22.04 systems behind intercepting proxies or with outdated CA bundles. Reproduce with expired/missing CA trust roots.

Root Cause Analysis

TLS trust chain validation fails because root/intermediate certificates are missing, expired, or replaced by enterprise interception certs not installed.

Quick Triage

Confirm system time, test endpoint with openssl s_client, and inspect apt error output for specific certificate failure reason.

Step-by-Step Diagnosis

Check ca-certificates package state with apt policy, inspect /etc/ssl/certs symlinks, and review proxy TLS behavior if applicable.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-22-ca-certs-01.webp
apt HTTPS repository access fails due to certificate trust issues. — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Reinstall/update ca-certificates via apt, add required enterprise root certs to /usr/local/share/ca-certificates, and run sudo update-ca-certificates.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-22-ca-certs-02.webp
Refresh CA store and validate TLS chain from repository endpoint. — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Temporarily switch to trusted mirror endpoint while repairing local trust chain; avoid disabling HTTPS verification.

Verification & Acceptance Criteria

apt update succeeds over HTTPS, certificate chain validates, and repository signatures are trusted.

Rollback Plan

Remove recently added custom CAs if incorrect and restore prior certificate bundle backup.

Prevention & Hardening

Track certificate expiry, manage enterprise CAs centrally, and monitor apt TLS failures proactively.

certificate verification failed, unable to get local issuer certificate, TLS handshake failure.

Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.

View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu apt-secure docs, OpenSSL certificate troubleshooting, update-ca-certificates manual.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.