Cannot update Jenkins on Debian due to certification problem

Skip to first unread message

Riccardo Foschia

Oct 5, 2021, 8:32:33 AM10/5/21
to Jenkins Users
Hi all,

I'm trying to update a Jenkins installation on Debian to the current
version 2.314 using

apt-get update
apt-get install jenkins

but calling apt-get update gives me the following error so apt-get
install fails also:

Fehl:8 binary/ Release
server certificate verification failed. CAfile:
/etc/ssl/certs/ca-certificates.crt CRLfile: none
E: The repository ' binary/ Release' does
no longer have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.

The error for me looks like

Is there currently an issue with SSL certificate for Or is there another problem? What can I do?

Thanks in advance and kind regards,


Lyonerring 1
66121 Saarbrücken
Tel: +49 - 681 / 99687-0
Fax: +49 - 681 / 99687-99

Rechtsform: Aktiengesellschaft
Sitz: Saarbrücken
HR B Nr. 13 380 Amtsgericht Saarbrücken
USt-IdNr. DE 1 38 166667
Vorstände: Dipl.-Inform. Peter Badt und Dipl.-Inform. Peter Raber
Vorsitzender des Aufsichtsrats: Reinhard Kuhn

Mark Waite

Oct 5, 2021, 8:52:03 AM10/5/21
to Jenkins Users
Be sure that the ca-certificates package on your Debian distribution is current.  An older root certificate for Let's Encrypt expired Sep 30, 2021.  See for more info

If you're running a Debian version that is no longer maintained (like Debian "wheezy") you may need to update your operating system or perform other more manual operations to recognize the root certificate.

Sinh Lam

Oct 5, 2021, 1:47:42 PM10/5/21
to, Riccardo Foschia
This has something to do with one of the CA certs expiring on 09/30.  This caused a bit of a ruckus.  the solution that worked for me was removing the CA from the “active” list.  On Debian I believe there is a file /etc/ca-certificates.conf that you can modify and then run update-ca-certificates and it’ll get rid of it.

The other solutions (that didn’t work for me - I do however run ubuntu and not deb even though it’s an based on it) is to update the openssl package or the ca-certificates package.  Neither worked for me and I rather not muck with ssl libs on production systems if I don’t have to.  


That’s the cert that expired.  Just comment it out with an exclamation mark before you run the update command.

Hope this help.

You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages