Kindle won't connect
Solution 1:
In Ubuntu, a file not managed by apt/dpkg shouldn't use /usr/share.
I faced this problem with Ubuntu 18.04 and 20.04. Both can retrieve old ca-certificates package and pick old crt.
-
Check old ca-certificates
$ apt-cache policy ca-certificates ca-certificates: インストールされているバージョン: 20210119~20.04.1 候補: 20210119~20.04.1 バージョンテーブル: 20210119build1 99 99 http://jp.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages *** 20210119~20.04.1 990 990 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal-updates/main i386 Packages 990 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal-security/main i386 Packages 100 /var/lib/dpkg/status 20190110ubuntu1 990 990 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal/main i386 PackagesIn these candidates, version
20190110ubuntu1has needed crt. -
Retrieve, extract, copy to
/usr/local/share$ mkdir ~/tmp $ cd ~/tmp/ $ apt-get download ca-certificates=20190110ubuntu1In
/tmpdirectory$ ar vx ca-certificates_20190110ubuntu1_all.deb $ tar Jxvf data.tar.xzIn
/tmpdirectory$ sudo cp usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt /usr/local/share/ca-certificates/ -
Import old key
$ sudo update-ca-certificates -
Remove working directory
$ rm -rf ~/tmp
If using Ubuntu 18.04, specify old ca-certificate version 20180409 instead of 20190110ubuntu1.
Information (in Japanese):
- https://twitter.com/sagawa_aki/status/1362737836886085634
- https://twitter.com/sagawa_aki/status/1362737841998950401
- https://twitter.com/sagawa_aki/status/1362737839557939201
Solution 2:
I can't post a "comment," but this is not an "answer" per se... it's progress toward an answer. I have found a couple other communities that have had the same problem and report that they have solved it by replacing an untrusted certificate. Details here:
https://bugs.winehq.org/show_bug.cgi?id=50471
https://forums.linuxmint.com/viewtopic.php?f=47&t=342186&uid=248652
If I were comfortable enough with certificates to talk authoritatively on the topic, I would post instructions. For now all I can do is leave this info in the hands of the more experienced.
[EDIT:] Ok, I have a procedure that works, but for all I know could leave one susceptible to security issues. It goes:
1: Verify that the file /etc/ssl/certs/b204d74a.0 is not there
2: Comment in the line mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt in the file /etc/ca-certificates.conf
3: Create a file called /usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt that contains this certificate block:
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
4: Regenerate the certs using the command sudo update-ca-certificates
5: Verify that there's now a file called /etc/ssl/certs/b204d74a.0 which links to your new cert
This worked for me. KindleForPC version 1.15 running on wine now connects up again.