diff --git a/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md b/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
new file mode 100644
index 0000000000..89406492d9
--- /dev/null
+++ b/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
@@ -0,0 +1 @@
+- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. ([flatcar/scripts#2667](https://github.com/flatcar/scripts/pull/2667))
diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108.ebuild b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
index ea7cb27cff..fcbdd008ed 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
+++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
@@ -32,7 +32,8 @@ if [[ ! -e "${CERTBUNDLE}" || "${CERTSDIR}" -nt "${CERTBUNDLE}" ]]; then
     trap "rm -f '${CERTSDIR}/${TEMPBUNDLE}'" EXIT
 
     # Use .0 instead of .pem to pull in only what c_rehash validated
-    cat "${CERTSDIR}"/*.[0-9] > "${TEMPBUNDLE}"
+    sed --separate '$a\' "${CERTSDIR}"/*.[0-9] >"${TEMPBUNDLE}"
+
     chmod 644 "${TEMPBUNDLE}"
     mv -f "${TEMPBUNDLE}" "${CERTBUNDLE}"
     trap - EXIT