Ah yes, /usr/sbin/update-ca-certificates is deleting the ca- certificates.crt shortly before atomically moving the new version into place.
It looks like a fic was committed in debian for this a couple of weeks ago: https://salsa.debian.org/debian/ca-certificates/-/commit/8f8f4a525bd6a6c8a8d13530cda194d60275313d but has not landed there. ** Bug watch added: Debian Bug tracker #920348 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920348 ** Also affects: ca-certificates (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920348 Importance: Unknown Status: Unknown ** Changed in: ca-certificates (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically Status in ca-certificates package in Ubuntu: Confirmed Status in ca-certificates package in Debian: Unknown Bug description: While upgrading the ca-certificates package, a process got the error: SSL_ca_file /etc/ssl/certs/ca-certificates.crt does not exist This file should be replaced atomically, with no time gap where the file does not exist. (I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1914839/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp