I'm getting a message that the certificate for "debian.org" is not applicable to "security.debian.org" and therefore none of these packages can be verified. On the one hand, of course that's just a configuration error where the certificate should be for *.debian.org instead of for debian.org. On the other hand, the https certificate ought to have no effect whatsoever on whether the packages can be verified. The package signatures are all down to the debian keyring, or ought to be.
Attachment:
signature.asc
Description: OpenPGP digital signature