“$ sudo apt update” currently fails. Message “Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification.” shows.
Has this been noted and will the certificates been updates shortly?
Just remember that if you are getting packages via a mirror then there is nothing that Purism can do to make the mirror have a valid certificate.
The most likely explanation here is that the mirror really did let the certificate expire. I’ve seen any number of web sites that are not closely managed, who only notice that the certificate expiry date approaches after the date has passed. So you will get a few days when the certificate genuinely is not valid.
That said, that site appears to be using Let’s Encrypt and I thought certificate updates were supposed to be automatic in that case …