On 10/18/18 8:08 AM, Laurent Bigonville wrote: > > In the past I've added certificates in /usr/local/share/ca-certificates > > After running update-ca-certificates symlinks were added in > /etc/ssl/certs > > After removing the files from /usr/local/share/ca-certificates and > running update-ca-certificates again, the symlinks are not removed and > are now broken.
A patch for a couple other bug reports is going to fix this without running `update-ca-certificates --fresh`. Using --fresh will remove *all* symlinks and generate the entire set, so that will always work in this case. https://salsa.debian.org/debian/ca-certificates/commit/cfe7064cb707ed2e8ac587877c1153029d46dc28 This is going to find and remove any broken symlinks from /etc/ssl/certs before running `openssl rehash`, so we should catch a removal of a custom certificate from /usr/local/share/ca-certificates. -- Kind regards, Michael
