This is the only thing that worked for me. It took me hours of troubleshooting to finally find my way to this post. The only thing that I might add is that this should also be done on the c2 server and not just the croc. It was only when I updated both that it successfully connected. Thanks for the help. @Darren Kitchen, they should really address this in the documentation or fix this via the device firmware and c2 binaries.
Until then, just create use this patch script from @dark_pyrro's commands above and save in `~/c2_connection_patch.sh` on the croc and c2 server, then run `sh ~/c2_connection_patch.sh`:
#!/bin/sh
# check if patch needs to be applied:
if grep X3 /etc/ca-certificates.conf | grep -qE '^!'; then
echo 'system is already patched.'
exit 0
fi
# backup /etc/ca-certificates.conf:
echo 'backing up /etc/certificates.conf...'
cp /etc/ca-certificates.conf /etc/ca-certificates.conf.bak
# blacklist the X3 root certificate:
echo 'blacklisting the X3 root certificate...'
sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
# update ca certs:
echo 'updating ca certs...'
update-ca-certificates -f
echo 'done.'
echo
echo 'please reboot hak5 device, and restart cloud c2 server.'