The only solution ATM is to check https://www.reddit.com/r/Ubuntu/comments/3q53kc/list_of_ubuntu_repository_mirrors_available_over/ an chose a nearby mirror. Then compare http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease and your mirror, e.g. https://ftp.fau.de/ubuntu/dists/bionic-security/InRelease (mirror of the FAU (university) located in Germany) and make sure "Date:" in the top section of the InRelease file is equivalent (not more off than 6 to 12 hrs) between the two files. Then adjust your /etc/apt/sources.list e.g. like this: ## Main repository for Ubuntu distributions. This line was auto-added in ## 2018 to provide a fallback, in case no network mirror is available. # deb cdrom:[Xubuntu 18.04.1 LTS _Bionic Beaver_ - Release amd64 (20180725)]/ bionic main restricted # deb cdrom:[Xubuntu 18.04.1 LTS _Bionic Beaver_ - Release amd64 (20180725)]/ bionic universe # deb cdrom:[Xubuntu 18.04.1 LTS _Bionic Beaver_ - Release amd64 (20180725)]/ bionic multiverse ## See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to ## newer versions of the distribution. ## Major bug fix updates are produced after the final release of the ## distribution. deb https://ftp.fau.de/ubuntu/ bionic main restricted deb-src https://ftp.fau.de/ubuntu/ bionic main restricted deb https://ftp.fau.de/ubuntu/ bionic-updates main restricted deb-src https://ftp.fau.de/ubuntu/ bionic-updates main restricted deb https://ftp.fau.de/ubuntu/ bionic-security main restricted deb-src https://ftp.fau.de/ubuntu/ bionic-security main restricted ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb https://ftp.fau.de/ubuntu/ bionic-backports main restricted deb https://ftp.fau.de/ubuntu/ bionic-backports universe multiverse ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb https://ftp.fau.de/ubuntu/ bionic universe deb-src https://ftp.fau.de/ubuntu/ bionic universe deb https://ftp.fau.de/ubuntu/ bionic-updates universe deb-src https://ftp.fau.de/ubuntu/ bionic-updates universe deb https://ftp.fau.de/ubuntu/ bionic-security universe deb-src https://ftp.fau.de/ubuntu/ bionic-security universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb https://ftp.fau.de/ubuntu/ bionic multiverse deb-src https://ftp.fau.de/ubuntu/ bionic multiverse deb https://ftp.fau.de/ubuntu/ bionic-updates multiverse deb-src https://ftp.fau.de/ubuntu/ bionic-updates multiverse deb https://ftp.fau.de/ubuntu/ bionic-security multiverse deb-src https://ftp.fau.de/ubuntu/ bionic-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. ## It includes Adobe Flash, Google SDK and IBM Java. #deb http://archive.canonical.com/ubuntu bionic partner #deb-src http://archive.canonical.com/ubuntu bionic partner Then run: sudo apt-get check sudo apt-get update sudo apt-get upgrade sudo apt-get clean sudo apt-get autoclean sudo apt-get autoremove sudo dpkg --purge `dpkg --get-selections | grep deinstall | cut -f1` sudo apt-get check Make sure `sudo lsof /var/lib/apt/lists/lock` does not output something besides a warning of /run/user/1000/gvfs. If so terminate the offender if possible and/or run `sudo dpkg --configure -a`. That's it. All your APT updates will now run TLS-secured (HTTPS), -except- for your Launchpad PPA updates, located in /etc/apt/sources.list.d/. AFAIK their links cannot be transformed from HTTP to HTTPS yet.