I have an Ubuntu 14.04.5 LTS installation. It just recently became unable to verify modern Let’s Encrypt certificates. The current version of ca-certificates is 20160104ubuntu0.14.04.1. apt search ca-certificates tells me that the package is upgradeable to 20170717~14.04.2 from trusty-updates, but I think that’s probably not modern enough.
I see ca-certificates version 20210119~18.04.2 in bionic-updates. Is it possible to install this without disrupting the system? Is there a better way? Thanks.
>Solution :
You can install the latest stable certs from source (you’ll need a working wget and unxz or at least a way of copying the uncompressed .tar file or its contents onto your target server (perhaps just scp -r once you’ve extracted it locally):
# Ensure dependencies
sudo apt -y install make tar xz-utils wget
# Make a place to build it in
mkdir -p ~/src
cd ~/src
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz
tar -xJf ca-certificates_20210119~20.04.2.tar.xz
# Now build and install
cd ca-certificates-20210119~20.04.1
make
sudo make install
# You might want to run this interactively to ensure
# you can select the ISRG Root X1
# in which case, just run: sudo dpkg-reconfigure ca-certificates
sudo dpkg-reconfigure -fnoninteractive ca-certificates
sudo update-ca-certificates
/usr/bin/c_rehash /etc/ssl/certs