httpsSecurityupdate-manager

In Update Manager's software sources, the option exists to choose a download server and protocol like shown below.

And if HTTPS (or SFTP) aren't supported, why does the option exist? Related question here, though it only deals with full ISO images.

## software supported protocols

Potentially yes the software showing the drop-down of protocols can support a https mirror - the drop-down box in question accepts the following valid protocols:

• ftp
• http
• file
• rsync
• https

This is detailed in the software-properties-gtk package source code:

apt-get source software-properties-gtk
cd software-properties*/softwareproperties/gtk


Look in the file DialogMirror.py - function def is_valid_mirror

## there is a but...

However in reality, the public mirrors Ubuntu supports is limited to http://, ftp:// & rsync://

The mirrors you can define is limited when you define a new mirror:

## local mirrors

Therefore, since the software itself does not limit the protocols, one way to download over HTTPS is to define and maintain your own local repository & mirror. As usual we have a great Q&A that have several applicable answers:

apt-mirror is probably your best bet here. Install the apt-mirror package and examine its man page:

CONFIGURATION EXAMPLES The mirror.list configuration supports many options...

   HTTPS with sending Basic HTTP authentication information (plaintext username and password) for all
requests: (this was default behaviour of Wget 1.10.2 and prior and is needed for some servers with new
version of Wget) set auth_no_challenge 1 deb https://user:pass@example.com:443/debian stable main contrib
non-free

HTTPS without checking certificate: set no_check_certificate 1 deb https://example.com:443/debian stable
main contrib non-free


As you can see, you can define a local HTTPS mirror - add your local HTTPS mirror and it should appear in the list of mirrors.