Kindle won't connect

Solution 1:

In Ubuntu, a file not managed by apt/dpkg shouldn't use /usr/share. I faced this problem with Ubuntu 18.04 and 20.04. On both, you can retrieve an old ca-certificates package and pick the old crt from it.

  1. Check old ca-certificates

    $ apt-cache policy ca-certificates
    ca-certificates:
      インストールされているバージョン: 20210119~20.04.1
      候補:               20210119~20.04.1
      バージョンテーブル:
         20210119build1 99
             99 http://jp.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages
     *** 20210119~20.04.1 990
            990 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
            990 http://archive.ubuntu.com/ubuntu focal-updates/main i386 Packages
            990 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
            990 http://archive.ubuntu.com/ubuntu focal-security/main i386 Packages
            100 /var/lib/dpkg/status
         20190110ubuntu1 990
            990 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
            990 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
    

    Among these candidates, version 20190110ubuntu1 has the needed crt.

  2. Retrieve, extract, copy to /usr/local/share

    $ mkdir ~/tmp
    $ cd ~/tmp/
    $ apt-get download ca-certificates=20190110ubuntu1
    

    In /tmp directory

    $ ar vx ca-certificates_20190110ubuntu1_all.deb
    $ tar Jxvf data.tar.xz
    

    In /tmp directory

    $ sudo cp usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt /usr/local/share/ca-certificates/
    
  3. Import old key

    $ sudo update-ca-certificates
    
  4. Remove working directory

    $ rm -rf ~/tmp
    

If using Ubuntu 18.04, specify the old ca-certificates version 20180409 instead of 20190110ubuntu1.

Information (in Japanese):

  • https://twitter.com/sagawa_aki/status/1362737836886085634
  • https://twitter.com/sagawa_aki/status/1362737841998950401
  • https://twitter.com/sagawa_aki/status/1362737839557939201

Solution 2:

I can't post a "comment," but this is not an "answer" per se... it's progress toward an answer. I have found a couple other communities that have had the same problem and report that they have solved it by replacing an untrusted certificate. Details here:

https://bugs.winehq.org/show_bug.cgi?id=50471

https://forums.linuxmint.com/viewtopic.php?f=47&t=342186&uid=248652

If I were comfortable enough with certificates to talk authoritatively on the topic, I would post instructions. For now all I can do is leave this info in the hands of the more experienced.

[EDIT:] Ok, I have a procedure that works, but for all I know could leave one susceptible to security issues. It goes:

1: Verify that the file /etc/ssl/certs/b204d74a.0 is not there

2: Comment in the line mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt in the file /etc/ca-certificates.conf

3: Create a file called /usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt that contains this certificate block:

4: Regenerate the certs using the command sudo update-ca-certificates

5: Verify that there's now a file called /etc/ssl/certs/b204d74a.0 which links to your new cert

This worked for me. KindleForPC version 1.15 running on wine now connects up again.
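
Added example, not part of either answer: both procedures end by adding a root certificate to the system trust store, so the file is worth pinning before `update-ca-certificates` is run. The script assumes `openssl` is installed and that the expected SHA-256 fingerprint was obtained from a source you trust independently; `norm_fp`, `cert_sha256` and `verify_ca_cert` are hypothetical helper names, and the optional third argument is the subject hash (`b204d74a` in Solution 2).

```shell
#!/bin/sh
# Added example (not from the original answers): vet a root certificate
# before copying it into /usr/local/share/ca-certificates.
# Assumption: the expected SHA-256 fingerprint was obtained out of band.

norm_fp() {  # strip colons/whitespace, upper-case the hex digits
    printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

cert_sha256() {  # openssl prints "<label> Fingerprint=AA:BB:..."
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

verify_ca_cert() {  # args: file, expected fingerprint, [expected subject hash]
    crt=$1 want_fp=$2 want_hash=${3:-}

    # update-ca-certificates expects one PEM certificate per .crt file
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$crt") || n=0
    [ "$n" -eq 1 ] || { echo "FAIL: expected 1 certificate, found $n" >&2; return 1; }
    openssl x509 -in "$crt" -noout 2>/dev/null ||
        { echo "FAIL: not a parseable certificate" >&2; return 1; }

    # Pin the exact certificate, not just its name
    [ "$(norm_fp "$(cert_sha256 "$crt")")" = "$(norm_fp "$want_fp")" ] ||
        { echo "FAIL: SHA-256 fingerprint mismatch" >&2; return 1; }

    # A root is self-issued: subject and issuer hashes are equal
    subj=$(openssl x509 -in "$crt" -noout -subject_hash)
    iss=$(openssl x509 -in "$crt" -noout -issuer_hash)
    [ "$subj" = "$iss" ] || { echo "FAIL: not self-issued" >&2; return 1; }

    # The subject hash becomes the symlink name in /etc/ssl/certs (<hash>.0)
    if [ -n "$want_hash" ] && [ "$subj" != "$want_hash" ]; then
        echo "FAIL: subject hash $subj, expected $want_hash" >&2; return 1
    fi

    # Reject a certificate that has already expired
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 1; }

    echo "OK: $crt (subject hash $subj)"
}
```

Run it against the extracted or hand-created `.crt` before step 3 of Solution 1 or step 4 of Solution 2, and only proceed on `OK`.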