[GH-ISSUE #192] mkcert -install (v1.4.0) fails to run in Ubuntu 16.04: SEC_ERROR_READ_ONLY #122

New issue

Closed

opened 2026-02-25 22:32:39 +03:00 by kerem · 4 comments

kerem commented

2026-02-25 22:32:39 +03:00

Owner

Originally created by @rfay on GitHub (Aug 19, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/192

Ubuntu 16.04, linuxbrew-installed mkcert v1.4.0, mkcert -install fails with certutil error:

mkcert -install
Created a new local CA at "/home/circleci/.local/share/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database.

Originally created by @rfay on GitHub (Aug 19, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/192 Ubuntu 16.04, linuxbrew-installed mkcert v1.4.0, mkcert -install fails with certutil error: ``` mkcert -install Created a new local CA at "/home/circleci/.local/share/mkcert" 💥 The local CA is now installed in the system trust store! ⚡️ ERROR: failed to execute "certutil -A": exit status 255 certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database. ```

kerem closed this issue

2026-02-25 22:32:40 +03:00

kerem commented

2026-02-25 22:32:40 +03:00

Author

Owner

@rfay commented on GitHub (Aug 19, 2019):

On Debian 9 and Debian 10 this doesn't seem to be a problem AFAICT
On Ubuntu 18.04, it prompts for sudo password and succeeds.
On Fedora 30 it is successful without need for sudo (apparently)

@rfay commented on GitHub (Aug 19, 2019): On Debian 9 and Debian 10 this doesn't seem to be a problem AFAICT On Ubuntu 18.04, it prompts for sudo password and succeeds. On Fedora 30 it is successful without need for sudo (apparently)

kerem commented

2026-02-25 22:32:40 +03:00

Author

Owner

@rfay commented on GitHub (Aug 20, 2019):

On Manjaro (and probably arch the same) using linuxbrew it prompts for sudo password successfully and works.

@rfay commented on GitHub (Aug 20, 2019): On Manjaro (and probably arch the same) using linuxbrew it prompts for sudo password successfully and works.

kerem commented

2026-02-25 22:32:40 +03:00

Author

Owner

@rfay commented on GitHub (Aug 20, 2019):

I think #193 will solve this problem in a fairly generic way. It might also be possible and simpler to always use sudo on certutil.

@rfay commented on GitHub (Aug 20, 2019): I think #193 will solve this problem in a fairly generic way. It might also be possible and simpler to always use sudo on certutil.

kerem commented

2026-02-25 22:32:40 +03:00

Author

Owner

@topher200 commented on GitHub (Oct 18, 2019):

I'm experiencing this issue when testing an Azure pipeline on both Ubuntu 16.04 and 18.04.

+ mkcert -install --cert-file certificate.pem --key-file key.pem lh.wordstream.com
Created a new local CA at "/home/vsts/.local/share/mkcert" 💥
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database.

Using @rfay's binaries from #193 resolved the issue for me.

wget https://github.com/rfay/mkcert/releases/download/v1.4.1-alpha1/mkcert-v1.4.1-alpha1-linux-amd64 -O bin/mkcert

@topher200 commented on GitHub (Oct 18, 2019): I'm experiencing this issue when testing an Azure pipeline on both Ubuntu 16.04 and 18.04. ``` + mkcert -install --cert-file certificate.pem --key-file key.pem lh.wordstream.com Created a new local CA at "/home/vsts/.local/share/mkcert" 💥 The local CA is now installed in the system trust store! ⚡️ ERROR: failed to execute "certutil -A": exit status 255 certutil: function failed: SEC_ERROR_READ_ONLY: security library: read-only database. ``` Using @rfay's binaries from #193 resolved the issue for me. ``` wget https://github.com/rfay/mkcert/releases/download/v1.4.1-alpha1/mkcert-v1.4.1-alpha1-linux-amd64 -O bin/mkcert ```