This server has no working Internet connection

I just updated to 9.1.7 and the “Admin Panel” tells me I have no working internet connection. After some research I created a simple test script like this:

<?php
require_once('./lib/base.php');

try {
    $client = \OC::$server->getHTTPClientService()->newClient();
    $client->get('https://www.owncloud.org/');
} catch (\Exception $e) {
        var_dump($e);
        throw $e;
}

the result is a GuzzleHttp\Ring\Exception\RingException telling me that there is a "cURL error 60: SSL certificate problem: unable to get local issuer certificate".

I can event run curl on my local machine to get this error

$ curl -L -v https://www.owncloud.org/
*   Trying 2a01:4f8:151:24c2::2...
* TCP_NODELAY set
* Connected to www.owncloud.org (2a01:4f8:151:24c2::2) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

If I try to open https://www.owncloud.org in my browser I get redirected to https://owncloud.org via HTTP 301 properly

HTTP/2.0 301 Moved Permanently
content-type: text/html; charset=utf-8
date: Wed, 20 Dec 2017 09:15:38 GMT
location: https://owncloud.org
x-redirects-version: 0.1.0+git20170506.cd6e81f
content-length: 55
X-Firefox-Spdy: h2

Long story short: Because of this I have no 3rd party apps available since the app settings page is unable to fetch the app list due to Could not get application, content was no valid XML.

Anybody experiences the same issues? Is there a problem with the SSL configuration on owncloud.org or am I just missing something?

You need to update the root ca certs of your distribution. On Debian and Ubuntu there is a command: update-ca-certificates

Thanks for the reply, I did but nothing changed.

let me check … maybe a cert issue on our side …

Bildschirmfoto von »2017-12-20 10-34-25«.png761×584 58.7 KB

@jnweiger @tboerger any idea? THX

The problem have been solved, I have added a missing part to the certificate chain.

Cool, looks good. Thank you

Edit: I still see no 3rd party apps in the app settings page due to Could not get application, content was no valid XML … but I guess that’s a different problem.

I guess you are still connected to the old appstore - see here Good Bye apps.owncloud.com - ownCloud

Thanks I totally missed that news, config adjusted, log message about not valid xml gone but still no apps. This is weird, I guess I will try to update to OC 10 then even though I would prefer staying on the “production” channel.

Edit: apps did suddenly show up, looks like a caching issue on my side. All problems solved Thanks for the help guys