Nuget Package restore failing on Ubuntu 20.04 with remote certificate is invalid-CodePudding

I have a .net core 3.1 project I am attempting to build on an Ubuntu 20.04 virtual machine.

The project was building successfully, I now need to update one of the NuGet packages in the project. Once I change the package version in the .csproj file to the required version, when I either build or perform "dotnet restore" I get the following message:

/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error : Unable to load the service index for source https://api.nuget.org/v3/index.json. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error :   The SSL connection could not be established, see inner exception. [/home/ic/Source/redacted.csproj]
/usr/share/dotnet/sdk/3.1.415/NuGet.targets(128,5): error :   The remote certificate is invalid according to the validation procedure. [/home/ic/Source/redacted.csproj]

If I browse to https://api.nuget.org/v3/index.json I can successfully view the json in the browser and the certificate appears to be trusted.

I have:

Updated packages (apt-get update AND apt-get upgrade)
Updated NuGet
Set certificate thumbnails in NuGet.Config as per the update in this question: Problem resolving Nuget Packages in Devops Build Agent due to Certificate issues
I can see the DigiCert root certificate for nuget.org in the trusted certificates on Ubuntu

CodePudding user response：

Not sure in the end what actually solved my problem, but, long story short, I think the following worked:

Running wget on api.nuget.org gave:

--2021-12-02 09:38:34--  https://api.nuget.org/v3/index.json
Resolving api.nuget.org (api.nuget.org)... 152.199.40.167
Connecting to api.nuget.org (api.nuget.org)|152.199.40.167|:443... connected.
ERROR: cannot verify api.nuget.org's certificate, issued by 'CN=Microsoft Azure TLS Issuing CA 05,O=Microsoft Corporation,C=US’:
  Unable to locally verify the issuer's authority.
To connect to api.nuget.org insecurely, use `--no-check-certificate'.

At some point in researching that error, I reinstalled ca-certificates (not sure if that has anything to do with resolving the problem):

sudo apt-get install --reinstall ca-certificates

Ultimately, I found: "dotnet restore" fails with "SSL peer certificate or SSH remote key was not OK" which led me to setting the SSL_CERT_FILE environment variable:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

That seems to have been the key and dotnet restore now works correctly.