package ca-certificates 20180409 failed to install/upgrade: installed ca-certificates package post-installation script subprocess returned error exit status 1

The fixed version of libssl is installed, and the error message is not about a duplicate certificate so this is not a duplicate of bug 1764848.

Updating certificates in /etc/ssl/certs...
rehash: skipping cacert.cer,it does not contain exactly one certificate or CRL
rehash: skipping req.pem,it does not contain exactly one certificate or CRL

Status changed to 'Confirmed' because the bug affects multiple users.

The bug appeared while upgrading from Ubuntu 16 to Ubuntu 18. It is a very serious bug, since many other packages depend on ca-certificates and were left unconfigured. Lots of error messages in the screen.
When the upgrade finished, the system was left in a very bad situation with so many non-configured packages. No workable reboot-shutdown button, not functioning menus ... If moving to a virtual terminal (Alt-F1) the virtual console did not work either, so the configuration error of ca-certificates is a really serious bug.
I did not dare to perform a hard poweroff and poweron because I was not confident that the system was going to be able to boot at all.
Fortunately enough, right clicking in the screen worked and I was able to open a terminal. From that terminal, I keyed firefox (not accesible through non-working menus) and downloaded from ubuntu archive the version 20170717 of ca-certificates and install it replacing the buggy 20180409 using dpkg -i.
After this, I performed
dpkg --configure -a
and all not-fully installed packages got correctly configured.
I had to poweroff via the button (no other choice) and when powering on again, Ubuntu 18 appeared with no other issue so far.

I also tried to install version 20180409 after Ubuntu 18 was already working and the error is still there. It is not a problem of the upgrade procedure but a problem of the package itself.

Same here. I downloaded ca-certificates_20170717~16.04.1_all.deb from https://packages.ubuntu.com/xenial/all/ca-certificates/download

Then did a:
dpkg -i ca-certificates_20170717~16.04.1_all.deb
dpkg --configure -a

After that I did a:
sudo apt-get upgrade

Which upgraded to 20180409 without problems

No success in my case (difference with Maurice report). Tried again today to upgrade (via dpkg -i) to 20180409 and got an error message saying that post-installation script produces an output status of "1" (this means error when executing the postinst script, doesn't it?). Package left unconfigured and 20170717~16.04.1 needs to be reinstalled to get a system without broken packages.
Is there some way to get more verbose information about what is going wrong with the post installation script?

I think I have found the culprit. It is a package called "autofirma", distributed by the Spanish Administration to perform digital signatures with the official certificates provided by the government.
Apparently, there is some kind of incompatibility between the files generated by this package and the postinstallation script of this version of ca-certificates.
I have just removed (purge) the autofirma package, then update ca-certificates to 20180409 without any problem and, after that, reinstalled autofirma (probably I may need to uninstall it again when another ca-certificates version comes out).
As autofirma is not an ubuntu-provided package, this should not be considered a bug after all. In any case, the information may be useful for any other Spanish user finding the same problem.

@mquiros: Where can I download the autofirma package? I just ran into another source of certificates that have the same issue and I want to investigate.

Even though comment #2 claims that this bug is not related to bug 1764848 it may actually be related to bug 1764848. It depends on the content of the autofirma package that apparently triggers this situation, it may be that the package contains duplicate certificates.

The autofirma package can be downloaded from:

https://firmaelectronica.gob.es/Home/Descargas.html

You click in "Autofirma para Linux" and download a zip file that contains the deb package and some documentation in Spanish (if you think there might be something useful in the documentation or in the comments in the scripts or wherever, just ask me for translation).