Troubleshooting "Unacceptable TLS certificate" Error in Linux

When it comes to SSL/TLS certificates, you may come across a variety of issues, some related to the browser or a problem in a website’s back-end.

One such error is “Unacceptable TLS certificate” in Linux.

Unfortunately, there’s no “one-solves-it-all’ answer to this. However, there are some potential solutions that you can try, and here, I plan to highlight those for you.

When do you encounter this TLS Certificate issue?

unacceptable tls certificate

In my case, I noticed the issue when adding the Flathub repository via the terminal, a step that lets you access the massive collection of Flatpaks when setting up Flatpak.

However, you can also expect to encounter this error when installing a Flatpak app or using a Flatpak ref file from a third-party repository via the terminal.

Some users noticed this issue when using their organization’s recommended VPN service for work on Linux.

So, how do you fix it? Why is this a problem?

Well, technically, it’s either of two things:

  • Your system does not accept the certificate (and tells that it’s invalid).
  • The certificate does not match the domain the user connects to.

If it’s the second, you will have to reach out to the website’s administrator and fix it from their end.

But if it’s the first, you have a couple of ways to deal with it.

1. Fix “Unacceptable TLS certificate” when using Flatpak or adding GNOME Online Accounts

If you are trying to add Flathub remote or a new Flatpak application and notice the error in the terminal, you can simply type in:

sudo apt install --reinstall ca-certificates

This should re-install the trusted CA certificates, in case there has been an issue with the list in some way.

tls certificate troubleshoot

In my case, when trying to add the Flathub repository, I encountered the error, which was resolved by typing the above command in the terminal.

So, I think that any Flatpak-related issues with TLS certificates can be fixed using this method.

If you do not use any Ubuntu-based distros, let me share another experience of mine:

I encountered this error on Manjaro Linux:

manjaro tls certificate error

While you can re-install ca-certificates on Manjaro Linux using the following command:

sudo pacman -S ca-certificates

Unfortunately, that may not work in most cases. But, when I enabled “Automatic Date & Time” under the Date and Time settings, the error was resolved, and I was able to install the Flatpak required.

manjaro date time

2. Fix “Unacceptable TLS certificate” when using Work VPN

If you are using your organization’s VPN to access materials related to work, you might have to add the certificate to the list of trusted CAs in your Linux distro.

Do note that you need the VPN service or your organization’s administrator to share the .CRT version of the root certificate to get started.

Next, you will need to navigate your way to /usr/local/share/ca-certificates directory.

You can create a directory under it and use any name to identify your organization’s certificate. And, then add the .CRT file to that directory.

For instance, its usr/local/share/ca-certificates/organization/xyz.crt

Do note that you need root privileges to add certificates or make a directory under the ca-certificates directory.

Once you have added the necessary certificate, all you have to do is update the certificate support list by typing in:

sudo update-ca-certificates

And, the certificate should be treated valid by your system whenever you try to connect to your company’s VPN.

Wrapping Up

An unacceptable TLS certificate is not a common error, but you can find it in various use cases, such as connecting to GNOME Online accounts.

If the error cannot be resolved by two of these methods, it is possible that the domain/service you are connecting to has a configuration error. In that case, you will have to contact them to fix the issue.

Have you faced this error anytime? How did you fix it? Are you aware of other solutions to this problem (potentially, something that’s easy to follow)? Let me know your thoughts in the comments below.

About the author
Ankush Das

Ankush Das

A passionate technophile who also happens to be a Computer Science graduate. You will usually see cats dancing to the beautiful tunes sung by him.

Become a Better Linux User

With the FOSS Weekly Newsletter, you learn useful Linux tips, discover applications, explore new distros and stay updated with the latest from Linux world


Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to It's FOSS.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.