diff --git a/runners/org.osbuild.fedora30 b/runners/org.osbuild.fedora30
index c3e0fe10..93f1374f 100755
--- a/runners/org.osbuild.fedora30
+++ b/runners/org.osbuild.fedora30
@@ -2,7 +2,6 @@
 
 import array
 import json
-import shutil
 import os
 import socket
 import subprocess
@@ -33,42 +32,6 @@ def sysusers():
         sys.exit(1)
 
 
-def update_ca_trust():
-    if not shutil.which("update-ca-trust"):
-        return
-
-    # generate /etc/pki/tls/certs/ca-bundle.crt
-    os.makedirs("/etc/pki/ca-trust/extracted/pem")
-    os.makedirs("/etc/pki/tls/certs")
-    os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
-
-    # allow to fail, because it sometimes mysteriously does
-    subprocess.run(["update-ca-trust", "extract"], check=False)
-
-
-def append_certs(cert_conf, dir_fd, parents=b""):
-    for entry in os.scandir(f"/proc/self/fd/{dir_fd}".encode()):
-        if entry.is_file():
-            line = os.path.join(parents, entry.name)
-            cert_conf.write(line)
-            cert_conf.write(b"\n")
-        elif entry.is_dir():
-            append_certs(cert_conf,
-                         os.open(entry.name, os.O_DIRECTORY, dir_fd=dir_fd),
-                         os.path.join(parents, entry.name))
-
-
-def update_ca_certificates():
-    if not shutil.which("update-ca-certificates"):
-        return
-
-    # generate /etc/ssl/certs/ca-certificates.crt
-    os.makedirs("/etc/ssl/certs")
-    with open("/etc/ca-certificates.conf", "wb") as f:
-        append_certs(f, os.open("/usr/share/ca-certificates", os.O_DIRECTORY))
-    subprocess.run(["update-ca-certificates"], check=True)
-
-
 def tmpfiles():
     # Allow systemd-tmpfiles to return non-0. Some packages want to create
     # directories owned by users that are not set up with systemd-sysusers.
@@ -103,8 +66,6 @@ if __name__ == "__main__":
     setup_stdio()
     ldconfig()
     sysusers()
-    update_ca_trust()
-    update_ca_certificates()
     tmpfiles()
     nsswitch()
 
diff --git a/runners/org.osbuild.rhel81 b/runners/org.osbuild.rhel81
index ae00cf34..a7a95264 100755
--- a/runners/org.osbuild.rhel81
+++ b/runners/org.osbuild.rhel81
@@ -2,7 +2,6 @@
 
 import array
 import json
-import shutil
 import os
 import socket
 import subprocess
@@ -33,42 +32,6 @@ def sysusers():
         sys.exit(1)
 
 
-def update_ca_trust():
-    if not shutil.which("update-ca-trust"):
-        return
-
-    # generate /etc/pki/tls/certs/ca-bundle.crt
-    os.makedirs("/etc/pki/ca-trust/extracted/pem")
-    os.makedirs("/etc/pki/tls/certs")
-    os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
-
-    # allow to fail, because it sometimes mysteriously does
-    subprocess.run(["update-ca-trust", "extract"], check=False)
-
-
-def append_certs(cert_conf, dir_fd, parents=b""):
-    for entry in os.scandir(f"/proc/self/fd/{dir_fd}".encode()):
-        if entry.is_file():
-            line = os.path.join(parents, entry.name)
-            cert_conf.write(line)
-            cert_conf.write(b"\n")
-        elif entry.is_dir():
-            append_certs(cert_conf,
-                         os.open(entry.name, os.O_DIRECTORY, dir_fd=dir_fd),
-                         os.path.join(parents, entry.name))
-
-
-def update_ca_certificates():
-    if not shutil.which("update-ca-certificates"):
-        return
-
-    # generate /etc/ssl/certs/ca-certificates.crt
-    os.makedirs("/etc/ssl/certs")
-    with open("/etc/ca-certificates.conf", "wb") as f:
-        append_certs(f, os.open("/usr/share/ca-certificates", os.O_DIRECTORY))
-    subprocess.run(["update-ca-certificates"], check=True)
-
-
 def tmpfiles():
     # Allow systemd-tmpfiles to return non-0. Some packages want to create
     # directories owned by users that are not set up with systemd-sysusers.
@@ -136,8 +99,6 @@ if __name__ == "__main__":
     setup_stdio()
     ldconfig()
     sysusers()
-    update_ca_trust()
-    update_ca_certificates()
     tmpfiles()
     nsswitch()
     os_release()
diff --git a/runners/org.osbuild.rhel82 b/runners/org.osbuild.rhel82
index 97c97a3d..235e1cdf 100755
--- a/runners/org.osbuild.rhel82
+++ b/runners/org.osbuild.rhel82
@@ -2,7 +2,6 @@
 
 import array
 import json
-import shutil
 import os
 import socket
 import subprocess
@@ -33,42 +32,6 @@ def sysusers():
         sys.exit(1)
 
 
-def update_ca_trust():
-    if not shutil.which("update-ca-trust"):
-        return
-
-    # generate /etc/pki/tls/certs/ca-bundle.crt
-    os.makedirs("/etc/pki/ca-trust/extracted/pem")
-    os.makedirs("/etc/pki/tls/certs")
-    os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
-
-    # allow to fail, because it sometimes mysteriously does
-    subprocess.run(["update-ca-trust", "extract"], check=False)
-
-
-def append_certs(cert_conf, dir_fd, parents=b""):
-    for entry in os.scandir(f"/proc/self/fd/{dir_fd}".encode()):
-        if entry.is_file():
-            line = os.path.join(parents, entry.name)
-            cert_conf.write(line)
-            cert_conf.write(b"\n")
-        elif entry.is_dir():
-            append_certs(cert_conf,
-                         os.open(entry.name, os.O_DIRECTORY, dir_fd=dir_fd),
-                         os.path.join(parents, entry.name))
-
-
-def update_ca_certificates():
-    if not shutil.which("update-ca-certificates"):
-        return
-
-    # generate /etc/ssl/certs/ca-certificates.crt
-    os.makedirs("/etc/ssl/certs")
-    with open("/etc/ca-certificates.conf", "wb") as f:
-        append_certs(f, os.open("/usr/share/ca-certificates", os.O_DIRECTORY))
-    subprocess.run(["update-ca-certificates"], check=True)
-
-
 def tmpfiles():
     # Allow systemd-tmpfiles to return non-0. Some packages want to create
     # directories owned by users that are not set up with systemd-sysusers.
@@ -113,8 +76,6 @@ if __name__ == "__main__":
     setup_stdio()
     ldconfig()
     sysusers()
-    update_ca_trust()
-    update_ca_certificates()
     tmpfiles()
     nsswitch()
     python_alternatives()
diff --git a/runners/org.osbuild.ubuntu1804 b/runners/org.osbuild.ubuntu1804
index c3e0fe10..93f1374f 100755
--- a/runners/org.osbuild.ubuntu1804
+++ b/runners/org.osbuild.ubuntu1804
@@ -2,7 +2,6 @@
 
 import array
 import json
-import shutil
 import os
 import socket
 import subprocess
@@ -33,42 +32,6 @@ def sysusers():
         sys.exit(1)
 
 
-def update_ca_trust():
-    if not shutil.which("update-ca-trust"):
-        return
-
-    # generate /etc/pki/tls/certs/ca-bundle.crt
-    os.makedirs("/etc/pki/ca-trust/extracted/pem")
-    os.makedirs("/etc/pki/tls/certs")
-    os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
-
-    # allow to fail, because it sometimes mysteriously does
-    subprocess.run(["update-ca-trust", "extract"], check=False)
-
-
-def append_certs(cert_conf, dir_fd, parents=b""):
-    for entry in os.scandir(f"/proc/self/fd/{dir_fd}".encode()):
-        if entry.is_file():
-            line = os.path.join(parents, entry.name)
-            cert_conf.write(line)
-            cert_conf.write(b"\n")
-        elif entry.is_dir():
-            append_certs(cert_conf,
-                         os.open(entry.name, os.O_DIRECTORY, dir_fd=dir_fd),
-                         os.path.join(parents, entry.name))
-
-
-def update_ca_certificates():
-    if not shutil.which("update-ca-certificates"):
-        return
-
-    # generate /etc/ssl/certs/ca-certificates.crt
-    os.makedirs("/etc/ssl/certs")
-    with open("/etc/ca-certificates.conf", "wb") as f:
-        append_certs(f, os.open("/usr/share/ca-certificates", os.O_DIRECTORY))
-    subprocess.run(["update-ca-certificates"], check=True)
-
-
 def tmpfiles():
     # Allow systemd-tmpfiles to return non-0. Some packages want to create
     # directories owned by users that are not set up with systemd-sysusers.
@@ -103,8 +66,6 @@ if __name__ == "__main__":
     setup_stdio()
     ldconfig()
     sysusers()
-    update_ca_trust()
-    update_ca_certificates()
     tmpfiles()
     nsswitch()