Ubuntu 20.04 - snap buggy from the beginning - x509: certificate signed by unknown authority

I recently installed Ubuntu 20.04. Considering the time that passed since its release I thought it would be stable. After installing it, I go to Snap Store (named Ubuntu Software) and I see that several new programs appear, but after a few moments, only the editor picks show, nothing else.

I try to install PyCharm through the command line with snap, sudo snap install pycharm-community --classic but it gives me this error: x509: certificate signed by unknown authority.

Afterwards, I decide to purge snap store and reinstall it, and after running these 2 commands: sudo apt-get update , sudo apt install snapd , I enter this one sudo snap install snap-store and gives me again, the same error with the certificates.

I got no idea whats going on. I installed it from 0

Edit 1 :
Output of snap list :

No snaps are installed yet. Try 'snap install hello-world'.

Output of sudo snap install snap-store :

error: cannot install "snap-store": Post
       https://api.snapcraft.io/v2/snaps/refresh: x509: certificate signed by
       unknown authority

Sounds like an issue with your local CA certificates rather than an issue with the snap store or snapd. I can connect to api.snapcraft.io via TLS on port 443, it’s using a certificate signed by Let’s Encrypt.

Please run openssl s_client -connect api.snapcraft.io:443 in a local terminal to verify if the TLS connection is working properly.

If there’s an error, try running sudo update-ca-certificates in a local terminal to update your certificate store. Something there seems to be off.

3 Likes

You may want to sudo apt dist-upgrade to make sure you have all updates.

1 Like

just run it,0 added, 0 removed

seems there’s a problem there: unable to get local issuer certificate
after running sudo update-ca-certificates it says:
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.

Just an idea - are you running this in a corporate network, via a captive portal, or in some other situation where there is a third party man-in-the-middling your TLS connections? Can you connect to https sites from this machine?

1 Like

sure, can connect. it’s a normal network, not corporate or something like that

is your clock of the machine set correctly ?

yes it was. I also just checked again, and automatically updated it with the internet connection to be sure

and did you try the

openssl s_client -connect api.snapcraft.io:443

command that @tobias suggested to get some debug data from openssl ?

2 Likes