debian でCA証明書の更新

自分のための備忘録
CA証明書の都度更新

HTTPS 通信でエラー

$ git clone http://github.com/creationix/nvm.git .nvm
Cloning into '.nvm'...
error: Problem with the SSL CA cert (path? access rights?) while accessing http://github.com/creationix/nvm.git/info/refs
fatal: HTTP request failed

CA証明書更新

$ sudo /usr/sbin/update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
done.
done.

これでエラー解消

man update-ca-certificates

       update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates
       certificates.crt, a concatenated single-file list of certificates.

       It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-cer‐
       tificates that should be trusted.  Lines that begin with "#" are comment lines and thus ignored.  Lines  that  begin
       with "!" are deselected, causing the deactivation of the CA certificate in question.

       Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted.

       Before  terminating,  update-ca-certificates  invokes run-parts on /etc/ca-certificates/update.d and calls each hook
       with a list of certificates: those added are prefixed with a +, those removed are prefixed with a -.