I have installed Kindle 1.16.0 on Ubuntu 20.04. After hours of tweeking I got it to open successfully but when I try to open or download my Kindle books it announces that it cannot connect to the Internet It is basically the exact same problem as reported by https://askubuntu.com/users/1192347/manoelpqueiroz. It is not helpful to state which other OS sorts out the problem. Kindle says the problem lies with Ubuntu. Does anyone perhaps know how to solve this problem? Thank you in anticipation.
Asked
Active
Viewed 1,304 times
2 Answers
3
In Ubuntu, a file not managed by apt/dpkg shouldn't use /usr/share.
I faced this problem with Ubuntu 18.04 and 20.04. Both can retrieve old ca-certificates package and pick old crt.
Check old ca-certificates
$ apt-cache policy ca-certificates ca-certificates: インストールされているバージョン: 20210119~20.04.1 候補: 20210119~20.04.1 バージョンテーブル: 20210119build1 99 99 http://jp.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages *** 20210119~20.04.1 990 990 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal-updates/main i386 Packages 990 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal-security/main i386 Packages 100 /var/lib/dpkg/status 20190110ubuntu1 990 990 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 990 http://archive.ubuntu.com/ubuntu focal/main i386 PackagesIn these candidates, version
20190110ubuntu1has needed crt.Retrieve, extract, copy to
/usr/local/share$ mkdir ~/tmp $ cd ~/tmp/ $ apt-get download ca-certificates=20190110ubuntu1In
/tmpdirectory$ ar vx ca-certificates_20190110ubuntu1_all.deb $ tar Jxvf data.tar.xzIn
/tmpdirectory$ sudo cp usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt /usr/local/share/ca-certificates/Import old key
$ sudo update-ca-certificatesRemove working directory
$ rm -rf ~/tmp
If using Ubuntu 18.04, specify old ca-certificate version 20180409 instead of 20190110ubuntu1.
Information (in Japanese):
Artur Meinild
- 26,018
garakusai
- 41
-
Kudos for using /usr/local -- I didn't realize that was possible – Auspex Mar 07 '22 at 09:09
2
I can't post a "comment," but this is not an "answer" per se... it's progress toward an answer. I have found a couple other communities that have had the same problem and report that they have solved it by replacing an untrusted certificate. Details here:
https://bugs.winehq.org/show_bug.cgi?id=50471
https://forums.linuxmint.com/viewtopic.php?f=47&t=342186&uid=248652
If I were comfortable enough with certificates to talk authoritatively on the topic, I would post instructions. For now all I can do is leave this info in the hands of the more experienced.
[EDIT:] Ok, I have a procedure that works, but for all I know could leave one susceptible to security issues. It goes:
1: Verify that the file /etc/ssl/certs/b204d74a.0 is not there
2: Comment in the line mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt in the file /etc/ca-certificates.conf
3: Create a file called /usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt that contains this certificate block:
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
4: Regenerate the certs using the command sudo update-ca-certificates
5: Verify that there's now a file called /etc/ssl/certs/b204d74a.0 which links to your new cert
This worked for me. KindleForPC version 1.15 running on wine now connects up again.
Charles
- 111
-
Charles, it was incredibly kind of you to post the above answer. However, can you tell me step by step how to go about doing steps 2 and 3. I am simply not sufficiently on top of Linux to know how to enter the said file and comment etc. How do I create a .crt file? – Frank Aldridge Jul 25 '21 at 16:43
-
Frank: Sure thing! Though it's generally not good practice to copy-paste commands from the internet. 2.1:
sudo nano /etc/ca-certificates.conf2.2: Find the line that reads!mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt2.3: Delete the!from that line 2.4: Save using ctrl+o and enter 3.1:sudo nano /usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt3.2: Copy-paste that certificate block in (note that terminally usually use ctrl+shift+v rather than just ctrl+v 3.2 ctrl+o and enter to save again – Charles Jul 26 '21 at 18:32 -
-
@Charles I followed these exact steps on Ubuntu 18.04 but I can't see this
/etc/ssl/certs/b204d74a.0file getting created anywhere. Also I think what you replied to Frank contradicts what you put in step 2 above. In step 2 above, it sounds you're advising to "comment out" the line? which means prefixing with a '#' right? But in the comment you seem to say "remove the '!'". Either way, I tried both and neither work. – Lost Crotchet Jan 01 '22 at 23:00 -
-
@LostCrotchet Please note that Step 2 reads "Comment IN the line", which agrees with the Step 2.3 instruction to DELETE the "!" from before that line. – Charles Jan 03 '22 at 14:44