According to the Debian ca=certificates developer it is not a bug, and presumably nothing to worry about.
Debian Bug report #1032814 ca-certificates.crt does not contain exactly one certificate or CRL
It has also been reported as a bug in the newer version that will be used for Trixie
Debian Bug report #1104188 rehash: warning: skipping ca-certificates.crt, it does not contain exactly one certificate or CRL
but no one has responded to that one yet. The link from that one to an Alpine bug describes what is happening and it seems to be safe to ignore.
Debian Bug report #1032814 ca-certificates.crt does not contain exactly one certificate or CRL
It has also been reported as a bug in the newer version that will be used for Trixie
Debian Bug report #1104188 rehash: warning: skipping ca-certificates.crt, it does not contain exactly one certificate or CRL
but no one has responded to that one yet. The link from that one to an Alpine bug describes what is happening and it seems to be safe to ignore.
This happens because update-ca-certificates writes the file /etc/ssl/certs/ca-certificates.crt before invoking c_rehash /etc/ssl/certs.
update-ca-certificates should:
remove the bundle,
invoke run-parts,
wait until it finishes,
then write the new bundle.
That is also how it works on Debian.
Statistics: Posted by rpdom — Sat Jun 14, 2025 7:11 am