Can't update because "SSL certificate problem: self signed certificate"

updater
ssl
help

#1

Hi,

I can't update my oc to 9.1.2. per updater. The error messages:

[GuzzleHttp\Exception\RequestException]
cURL error 60: SSL certificate problem: self signed certificate

[GuzzleHttp\Ring\Exception\RingException]
cURL error 60: SSL certificate problem: self signed certificate

Do oc not accepts shared certificates anymore from 9.1.0 on? I'm using only a shared certificate from my hoster, because I can't install my own certificate (without changing my paid package to a more expensive one). But the certificate didnt made any problems before.

What can I do?

Dave


Updater initialization errors
Can't map network drive on windows 10
#2

Hi,
May be you could look at letsencrypt, which provides free certificates. It works very finely. The only drawback is the lifetime of the certificate, 90 days. But the renewal is rather simple.
https://letsencrypt.org/


#3

I'm not sure, if this is a possibility. I use a letsencrypt-certificate on another server, but there I have a server (root). My oc instance runs on a machine where I have only webspace. I don't have any root or admin rights.
Like I said before, the hoster offers the possibility for letsencrypt certificates, but for more money. And for me it's ok to work with his shared ssl certificate. But now i can't update my oc instance anymore.


#4

I too have this problem.
I found a post that is quite old and talks about squashing the certificate check in (in my case)
/var/www/owncloud/3rdparty/sabre/dav/Client.php
https://forum.owncloud.org/viewtopic.php?t=18542
But as it's so old, Client.php doesn't exist anymore.

So, as a last resort, as always, I rtfm:
I go to ownCloud User Manual, Release 9.1 page 17, and it has the following:

Problem
Certificate warnings
Solution
If you use a self-signed certificate, you will get a warning.
To change this, you need to configure
davfs2 to recognize your certificate. Copy mycertificate.pem to /etc/davfs2/certs/. Then edit
/etc/davfs2/davfs2.conf and uncomment the line servercert. Now add the path of your certificate as in this example:
servercert /etc/davfs2/certs/mycertificate.pem

Unfortunately that directory doesn't exist on a Raspberry Pi

Yours,
Flummoxed..


#5

Do the manual update / upgrade instead:

https://doc.owncloud.org/server/latest/admin_manual/maintenance/manual_upgrade.html


#6

I've got a similar error updating from 9.1.1. to 9.1.2.

cURL error 51: SSL: no alternative certificate subject name matches target host name 'localhost'

I use a Letsencrypt cert. It is valid and works. The updater however generates this error. It is impossible to create a Letsencrypt certificate for the 'localhost'.

I will try the /etc/davfs2.conf edit as suggested, but this is a strange way of auto updating.


#7

Don't waste your time with the updater app and do as advised:

This is completely unrelated to the updater app and won't solve anything for it. The info about that from @Alistair is wrong concerning this.


#8

Manual update from 9.1.1 to 9.1.2 and from 9.1.2 to 9.1.3 done. It works.
Thanks.


#9

Hi,

this steps in between are not needed and also not recommended. An update from 9.1.1 to 9.1.3 would be just a jump from 9.1.1 to 9.1.3 without the step to 9.1.2 in between. This avoids that you're hitting a bug in 9.1.2 which might be already fixed in 9.1.3.


#10

Hi,
I do have the same issue: I want to upgrade, but I have a self signed certificate.
Problem with upgrading manually is I run owncloud within a web hosting package.
That means I do not have access to the command line.
Steps for upgrading as described here include setting oc to maintenance mode, starting/stopping the web server and executing the upgrade command, all of which I cannot do. What can I do to upgrade?
I'd be thankful for suggestions.
Cheers
Deego

UPDATE

I switched off ssl (can be done easily on the administration website of my webhoster), updated owncloud using the updater plugin and switched ssl on again. Done.