Install latest ca-certificates on Ubuntu 14

14.04letsencryptssl

I have an Ubuntu 14.04.5 LTS installation. It just recently became unable to verify modern Let's Encrypt certificates. The current version of ca-certificates is 20160104ubuntu0.14.04.1. apt search ca-certificates tells me that the package is upgradeable to 20170717~14.04.2 from trusty-updates, but I think that's probably not modern enough.

I see ca-certificates version 20210119~18.04.2 in bionic-updates. Is it possible to install this without disrupting the system? Is there a better way? Thanks.

Best Answer

You can install the latest stable certs from source (you'll need a working wget and unxz or at least a way of copying the uncompressed .tar file or its contents onto your target server (perhaps just scp -r once you've extracted it locally):

# Ensure dependencies
sudo apt -y install make tar xz-utils wget

# Make a place to build it in
mkdir -p ~/src
cd ~/src
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/ca-certificates/20210119~20.04.2/ca-certificates_20210119~20.04.2.tar.xz    
tar -xJf ca-certificates_20210119~20.04.2.tar.xz

# Now build and install
cd ca-certificates-20210119~20.04.1
make
sudo make install

# You might want to run this interactively to ensure
# you can select the ISRG Root X1
# in which case, just run: sudo dpkg-reconfigure ca-certificates
sudo dpkg-reconfigure -fnoninteractive ca-certificates
sudo update-ca-certificates
/usr/bin/c_rehash /etc/ssl/certs
Related Question