2 files changed, 8 insertions, 0 deletions

diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index c18821f9..c7bacb78 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -54,6 +54,9 @@ def remove_default_ca_certs():
     delete_dir_contents(CA_CERT_PATH)
     delete_dir_contents(CA_CERT_SYSTEM_PATH)
     write_file(CA_CERT_CONFIG, "", mode=0644)
+    check_call([
+        "echo 'ca-certificates ca-certificates/trust_new_crts  select no' | "
+        "debconf-set-selections"], shell=True)
 
 
 def handle(_name, cfg, _cloud, log, _args):
diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py
index d6513b5b..37bd7a08 100644
--- a/tests/unittests/test_handler_ca_certs.py
+++ b/tests/unittests/test_handler_ca_certs.py
@@ -169,10 +169,15 @@ class TestRemoveDefaultCaCerts(MockerTestCase):
         mock_delete_dir_contents = self.mocker.replace(delete_dir_contents,
                                                        passthrough=False)
         mock_write = self.mocker.replace(write_file, passthrough=False)
+        mock_check_call = self.mocker.replace("subprocess.check_call",
+                                              passthrough=False)
 
         mock_delete_dir_contents("/usr/share/ca-certificates/")
         mock_delete_dir_contents("/etc/ssl/certs/")
         mock_write("/etc/ca-certificates.conf", "", mode=0644)
+        mock_check_call([
+            "echo 'ca-certificates ca-certificates/trust_new_crts  select no'"
+            " | debconf-set-selections"], shell=True)
         self.mocker.replay()
 
         remove_default_ca_certs()