Google removed the CNNIC Root CA from all Google products. For security, this CA should also be removed from your Debian stash of trusted Root CAs.
1. Configure the package ca-certificates with:
$ sudo dpkg-reconfigure ca-certificates
3. At the next prompt, locate the following entry and press the space bar to uncheck:
[ ] mozilla/CNNIC_ROOT.crt
4. When finished, press TAB and then press Enter to save and close.
The output in the terminal will look similar to:
smiller@bruckner:~$ sudo dpkg-reconfigure ca-certificates Processing triggers for ca-certificates (20141019) ... Updating certificates in /etc/ssl/certs... 0 added, 1 removed; done. Running hooks in /etc/ca-certificates/update.d.... Removing debian:CNNIC_ROOT.pem done. done.