diff --git a/releasenotes/notes/add-ca-certs-2398cb4856356028.yaml b/releasenotes/notes/add-ca-certs-2398cb4856356028.yaml
new file mode 100644
index 00000000..9a744fc0
--- /dev/null
+++ b/releasenotes/notes/add-ca-certs-2398cb4856356028.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - The ``ca-certificates`` package has been included in the LXC
+    container build process in order to prevent issues related to
+    trying to connect to public websites which make use of newer
+    certificates than exist in the base CA certificate store.
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index eef1ad71..1647faea 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -59,6 +59,7 @@ lxc_cache_map:
 lxc_cache_install_command: "yum install -y"
 
 lxc_cache_packages:
+  - ca-certificates
   - openssh-server
   - python2
   - sudo
diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml
index c8d702fa..fca96a39 100644
--- a/vars/ubuntu-14.04.yml
+++ b/vars/ubuntu-14.04.yml
@@ -70,6 +70,7 @@ lxc_cache_packages:
   - bridge-utils
   - bsdmainutils
   - build-essential
+  - ca-certificates
   - cgmanager
   - cgmanager-utils
   - cgroup-lite
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index 1a601773..f3be41dd 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -70,6 +70,7 @@ lxc_cache_install_command: "export DEBIAN_FRONTEND=noninteractive && apt-get upd
 
 lxc_cache_packages:
   - apt-transport-https
+  - ca-certificates
   - openssh-server
   - python2.7