After our servers were updated to this release of ca-certificates, it completely broke the SSL setup across our fleet as we use a custom CA certificate set that is installed following the documented instructions in /usr/local/share/ca-certificates with .crt extensions. After running /usr/sbin/update-ca-certificates and /usr/bin/c_rehash, normal functionality was restored.
This was on Ubuntu jammy vs noble. Issue did not occur until after the systems were rebooted as part of an automated patch & reboot cycle. From dpkg.log: 2026-06-17 06:41:15 upgrade ca-certificates:all 20240203~22.04.1 20260601~22.04.1 2026-06-17 06:41:15 status half-configured ca-certificates:all 20240203~22.04.1 2026-06-17 06:41:15 status unpacked ca-certificates:all 20240203~22.04.1 2026-06-17 06:41:15 status half-installed ca-certificates:all 20240203~22.04.1 2026-06-17 06:41:15 status unpacked ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:15 configure ca-certificates:all 20260601~22.04.1 <none> 2026-06-17 06:41:15 status unpacked ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:15 status half-configured ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:18 status installed ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:18 status triggers-pending ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:18 trigproc ca-certificates:all 20260601~22.04.1 <none> 2026-06-17 06:41:18 status half-configured ca-certificates:all 20260601~22.04.1 2026-06-17 06:41:19 status installed ca-certificates:all 20260601~22.04.1 From /var/log/apt/history.log: Start-Date: 2026-06-17 06:41:15 Commandline: /usr/bin/unattended-upgrade Upgrade: ca-certificates:amd64 (20240203~22.04.1, 20260601~22.04.1) End-Date: 2026-06-17 06:41:19 From /var/log/apt/term.log: Log started: 2026-06-17 06:41:15 (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 220699 files and directories currently installed.) Preparing to unpack .../ca-certificates_20260601~22.04.1_all.deb ... Unpacking ca-certificates (20260601~22.04.1) over (20240203~22.04.1) ... Setting up ca-certificates (20260601~22.04.1) ... Updating certificates in /etc/ssl/certs... rehash: warning: skipping nxlogclient.dropboxer.net.pem,it does not contain exactly one certificate or CRL rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL rehash: warning: skipping dropbox_serverca_2024.pem,it does not contain exactly one certificate or CRL rehash: warning: skipping corpdbx.chain.pem,it does not contain exactly one certificate or CRL rehash: warning: skipping duplicate certificate in corpdbx-dbx-ldap-useast-prod-1.corp.dropbox.com.pem rehash: warning: skipping corpdbx-dbx-ldap-useast-prod-1.corp.dropbox.com.chain.pem,it does not contain exactly one certificate or CRL 14 added, 39 removed; done. Processing triggers for man-db (2.10.2-1) ... Processing triggers for ca-certificates (20260601~22.04.1) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. Log ended: 2026-06-17 06:41:19 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2157000 Title: package ca-certificates 20260601~24.04.1 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/2157000/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
