Error updating Workstation - Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification.

vaaav · February 19, 2021, 2:09pm

Dear all,

I checked previous topics and the search field, and yet I couldn’t find an answer to my question, so here it goes.

I update both gateway and workstation daily; the gateway updates smoothly, yet for 3 days I get the same error in workstation after I insert in command:

user@host:~$ upgrade-nonroot

Ign:1 tor+https://deb.debian.org/debian-security buster/updates InRelease

Ign:2 tor+https://deb.whonix.org buster InRelease

Ign:3 tor+https://deb.debian.org/debian buster-updates InRelease

Err:4 tor+https://deb.whonix.org buster Release

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]

Ign:5 tor+https://deb.debian.org/debian buster InRelease

Err:6 tor+https://deb.debian.org/debian-security buster/updates Release

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]

Err:7 tor+https://deb.debian.org/debian buster-updates Release

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]

Err:8 tor+https://deb.debian.org/debian buster Release

Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 127.0.0.1 9050]

Reading package lists…

W: tor+https://deb.debian.org/debian-security/dists/buster/updates/InRelease: No system certificates available. Try installing ca-certificates.

W: tor+https://deb.whonix.org/dists/buster/InRelease: No system certificates available. Try installing ca-certificates.

W: tor+https://deb.debian.org/debian/dists/buster-updates/InRelease: No system certificates available. Try installing ca-certificates.

W: tor+https://deb.whonix.org/dists/buster/Release: No system certificates available. Try installing ca-certificates.

E: The repository ‘tor+https://deb.whonix.org buster Release’ no longer has a Release file.

W: tor+https://deb.debian.org/debian/dists/buster/InRelease: No system certificates available. Try installing ca-certificates.

W: tor+https://deb.debian.org/debian-security/dists/buster/updates/Release: No system certificates available. Try installing ca-certificates.

E: The repository ‘tor+https://deb.debian.org/debian-security buster/updates Release’ no longer has a Release file.

W: tor+https://deb.debian.org/debian/dists/buster-updates/Release: No system certificates available. Try installing ca-certificates.

E: The repository ‘tor+https://deb.debian.org/debian buster-updates Release’ no longer has a Release file.

W: tor+https://deb.debian.org/debian/dists/buster/Release: No system certificates available. Try installing ca-certificates.

E: The repository ‘tor+https://deb.debian.org/debian buster Release’ no longer has a Release file.

I wonder what the problem is. Btw I am a kinda of a noob so please be gentle with the explanation/solution . I appreciate your time and knowledge.

Have a good one.

vaaav

Patrick · February 20, 2021, 1:22pm

It seems very conceivable to me that a package was installed or removed which resulted in removal of a Whonix meta packages. Upon running sudo apt autoremove, the ca-certifcates was uninstalled which is required for https (TLS) verification.

Easiest solution and recommended anyhow:

As a workaround to re-install ca-certifcates without security issues:

sudo apt install ca-certifcates

vaaav · February 20, 2021, 3:09pm

Dear Patrick,

Thank you for your reply and all the hard work.

I went the easy route as I did not have much content there, so I re-installed everything, with success regarding the ca-certificates ultimately.

May not be logic, but maybe in one instance I typed “y” instead of “Y” (capital Y) + enter in cmd when approving upgrades. May that be the reason for not installing them in the first place?.. even though it may seem awkward as an explanation; the thing is, I really did not do anything else at all besides commanding upgrade-nonroot in both gateway and workstation and continuing on, so I can only call this the reason behind it.

I really appreciate all the help.

Have a good one.

vaaav

Patrick · February 21, 2021, 11:24am

If you would like to investigate, see this file:

/var/log/apt/history.log

(Debian feature.)

vaaav · February 21, 2021, 7:32pm

Thank you Patrick, Ill keep that entry in mind.

The following is very off topic, but it is quite a simple question, and I can always move it for a separate topic if the explanation is valid for more people searching for this.

I understand that opening Tor full-window and add any add-ons besides those already installed makes you stand out from the crowd if I understood correctly, yet when it comes to customizing the workstation such as changing appearance to dark mode, and moving folders and that I wonder if it does the same effect…

I appreciate the feedback, and thank you again

vaaav

pickrionta · April 4, 2021, 5:33pm

Hi, I resolved this issue with following command:

apt install --reinstall ca-certificates