Thanks for the details. #895473 reported a similar error on locally installed CA certificates, which I think may be related.
Each of the list of `rehash: skipping .. cannot open file` in your errors appears to be on CAs that were removed in the package during this update, so somewhere we have a problem with `openssl rehash` trying to link to files we removed, but for some reason were not prefixed with '!' in /etc/ca-certificates.conf. I've tried a number of upgrades from a March 29 unstable chroot, as well as from stretch to unstable on openstack instances, on both amd64 and i386 (I don't think arch is dependent), and I've been unable to get a similar error to present itself. Each way I've tried, I get the package-removed certificates prefixed properly and no errors, so haven't been able to reproduce this, yet. I will keep trying with different options and see if I can figure out where the problem is. If someone has a good way to reproduce, I'd appreciate it! -- Kind regards, Michael