This server has no working Internet connection

I just updated to 9.1.7 and the "Admin Panel" tells me I have no working internet connection. After some research I created a simple test script like this:


try {
    $client = \OC::$server->getHTTPClientService()->newClient();
} catch (\Exception $e) {
        throw $e;

the result is a GuzzleHttp\Ring\Exception\RingException telling me that there is a "cURL error 60: SSL certificate problem: unable to get local issuer certificate".

I can event run curl on my local machine to get this error

$ curl -L -v
*   Trying 2a01:4f8:151:24c2::2...
* Connected to (2a01:4f8:151:24c2::2) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

If I try to open in my browser I get redirected to via HTTP 301 properly

HTTP/2.0 301 Moved Permanently
content-type: text/html; charset=utf-8
date: Wed, 20 Dec 2017 09:15:38 GMT
x-redirects-version: 0.1.0+git20170506.cd6e81f
content-length: 55
X-Firefox-Spdy: h2

Long story short: Because of this I have no 3rd party apps available since the app settings page is unable to fetch the app list due to Could not get application, content was no valid XML.

Anybody experiences the same issues? Is there a problem with the SSL configuration on or am I just missing something?

You need to update the root ca certs of your distribution. On Debian and Ubuntu there is a command: update-ca-certificates

Thanks for the reply, I did but nothing changed.

let me check ... maybe a cert issue on our side ....

@jnweiger @tboerger any idea? THX

The problem have been solved, I have added a missing part to the certificate chain.


Cool, looks good. Thank you :sunglasses:

Edit: I still see no 3rd party apps in the app settings page due to Could not get application, content was no valid XML ... but I guess that's a different problem.

I guess you are still connected to the old appstore - see here

Thanks I totally missed that news, config adjusted, log message about not valid xml gone but still no apps. This is weird, I guess I will try to update to OC 10 then even though I would prefer staying on the "production" channel.

Edit: apps did suddenly show up, looks like a caching issue on my side. All problems solved :heart_eyes: Thanks for the help guys :+1: