[GH-ISSUE #306] update-ca-certificates rehash error (hash table overflow) #197

New issue

Closed

opened 2026-02-25 22:32:50 +03:00 by kerem · 1 comment

kerem commented

2026-02-25 22:32:50 +03:00

Owner

Originally created by @aral on GitHub (Nov 3, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/306

Encountered with mkcert version 1.4.1.

I’m not entirely sure why this started happening today but I’m going to document it here in case it helps anyone else.

When running my tests (which generate certificate authorities), I started encountering the following error:

Command failed: /home/aral/.small-tech.org/auto-encrypt-localhost/mkcert-v1.4.1-linux-amd64 -install
    Created a new local CA at "/home/aral/.small-tech.org/auto-encrypt-localhost" 💥
    ERROR: failed to execute "update-ca-certificates": exit status 134
    Updating certificates in /etc/ssl/certs...
    rehash: error: hash table overflow for mkcert_development_CA_76913251760376997753161041127229202716.pem
    rehash: error: hash table overflow for mkcert_development_CA_300360415125013060185903208978231170143.pem
    rehash: error: hash table overflow for mkcert_development_CA_153594660651925404699929286764783442924.pem
    rehash: error: hash table overflow for mkcert_development_CA_3243189055737429532705980019443809730.pem
    rehash: error: hash table overflow for mkcert_development_CA_335614305519919366026232901584440763094.pem
    rehash: error: hash table overflow for mkcert_development_CA_153594660651925404699929286764783442924.pem
    rehash: error: hash table overflow for mkcert_development_CA_335614305519919366026232901584440763094.pem
    rehash: error: hash table overflow for mkcert_development_CA_76913251760376997753161041127229202716.pem
    *** buffer overflow detected ***: terminated

Running sudo update-ca-certifiates -f by itself gave me the same error.

Given that it started happening without any other changes, I started wondering if it had to do with the sheer number of mkcert root CAs I had generated while running my tests over however many months/years.

So I tried:

 sudo rm /usr/local/share/ca-certificates/mkcert_development_CA_*

followed by:

sudo update-ca-certifiates -f

And that solved the issue.

The output of that last command informed me that 426 previously-trusted certificates were now removed.

I’m pretty sure most folks won’t run into this unless they’re testing a tool like auto-encrypt-localhost that uses mkcert to generate certificate authorities and certificates and tests them but still, in case anyone does, I hope this issue helps.

Please feel free to close it.

Originally created by @aral on GitHub (Nov 3, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/306 __Encountered with mkcert version 1.4.1.__ I’m not entirely sure why this started happening today but I’m going to document it here in case it helps anyone else. When running my tests (which generate certificate authorities), I started encountering the following error: ``` Command failed: /home/aral/.small-tech.org/auto-encrypt-localhost/mkcert-v1.4.1-linux-amd64 -install Created a new local CA at "/home/aral/.small-tech.org/auto-encrypt-localhost" 💥 ERROR: failed to execute "update-ca-certificates": exit status 134 Updating certificates in /etc/ssl/certs... rehash: error: hash table overflow for mkcert_development_CA_76913251760376997753161041127229202716.pem rehash: error: hash table overflow for mkcert_development_CA_300360415125013060185903208978231170143.pem rehash: error: hash table overflow for mkcert_development_CA_153594660651925404699929286764783442924.pem rehash: error: hash table overflow for mkcert_development_CA_3243189055737429532705980019443809730.pem rehash: error: hash table overflow for mkcert_development_CA_335614305519919366026232901584440763094.pem rehash: error: hash table overflow for mkcert_development_CA_153594660651925404699929286764783442924.pem rehash: error: hash table overflow for mkcert_development_CA_335614305519919366026232901584440763094.pem rehash: error: hash table overflow for mkcert_development_CA_76913251760376997753161041127229202716.pem *** buffer overflow detected ***: terminated ``` Running `sudo update-ca-certifiates -f` by itself gave me the same error. Given that it started happening without any other changes, I started wondering if it had to do with the sheer number of mkcert root CAs I had generated while running my tests over however many months/years. So I tried: ```shell sudo rm /usr/local/share/ca-certificates/mkcert_development_CA_* ``` followed by: ```shell sudo update-ca-certifiates -f ``` And that solved the issue. The output of that last command informed me that 426 previously-trusted certificates were now removed. I’m pretty sure most folks won’t run into this unless they’re testing a tool like [auto-encrypt-localhost](https://github.com/small-tech/auto-encrypt-localhost) that uses mkcert to generate certificate authorities and certificates and tests them but still, in case anyone does, I hope this issue helps. Please feel free to close it.

kerem closed this issue

2026-02-25 22:32:50 +03:00

kerem commented

2026-02-25 22:32:51 +03:00

Author

Owner

@FiloSottile commented on GitHub (Nov 22, 2020):

Thanks for filing an issue for people to find. Indeed, this seems like a limitation of update-ca-certifiates. Kind of surprising it would struggle with fewer than a thousand entries, but I guess most people never encounter that.

@FiloSottile commented on GitHub (Nov 22, 2020): Thanks for filing an issue for people to find. Indeed, this seems like a limitation of `update-ca-certifiates`. Kind of surprising it would struggle with fewer than a thousand entries, but I guess most people never encounter that.

kerem referenced this issue

2026-02-25 22:33:25 +03:00

[PR #197] [CLOSED] mkcert now provides a version command #413