I recently installed 3 backup jobs to Box Drive, MS OneDrive and Google Drive. After help from ts678 I am able to run these successfully with no errors but I get Cert warnings on all three. I’ve researched and found several Mac Terminal commands that seem to have worked for others but when I try them I get “Option or File not found” errors. I found a program to update certificates to 2034 that ran successfully but I continue to get these warnings after each backup.
I am not very familiar with Terminal command syntax but am willing to try.
I should have said Cert Warning (not error). After the backup completes successfully I get the following Warning for all cloud backups:
2020-04-08 11:41:03 -05 - [Warning-Duplicati.Library.Modules.Builtin.CheckMonoSSL-MissingCerts]: No certificates found, you can install some with one of these commands: cert-sync /etc/ssl/certs/ca-certificates.crt #for Debian based systems cert-sync /etc/pki/tls/certs/ca-bundle.crt #for RedHat derivatives curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS Read more: http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync
I belive mozroots.exe has been deprecated and replaced by Cert-Sync in Mono. If I enter the command indicated in the message “cert-sync /etc/pki/tls/certs/ca-bundle.crt” I get a File not Found error for the part after Cert-Sync. Cert-Sync by itself seems to run but nothing happens and I still get the Warnings.
Are you sure you did the part " Make sure the ca-certificates-mono package is installed."?
A forum poster solved the warning on Linux by doing that. I don’t know macOS’ package tools.
EDIT 1:
Found another Linux user using this fix, and there might be more. macOS seems complicated.
shows the Ubuntu package names, where mono-complete has ca-certificates-mono and more.
I’m not sure what macOS package design looks like. There’s also a brew install mono plan.
It should not be a warning. I think mono has changed the strategy around certificates slightly, so if the backup completes it makes not sense to warn about missing certificates (either they exist, or they are not required).
An easy fix would be to remove the warning emitted from Duplicati in the next release.
On Mac if you compiled and installed Mono from source (i.e. you don’t have access to the Apple TLS implementation), you can use cert-sync to populate the Mono certificate stores with CA certificates from the curl maintainers which are based on Mozilla’s trusted CA list:
I’m curious if you fall into this case. Possibly brew install mono would be a compile from source. Possibly the reason Duplicati sees little of this is that maybe others downloaded from mono-project.
Although you don’t need it now, one other possible workaround to end the noise might be based on:
C:\ProgramData\Duplicati\duplicati-2.0.5.1_beta_2020-01-18>Duplicati.CommandLine.exe help check-mono-ssl
Check for SSL certificates (check-mono-ssl):
When running with Mono, this module will check if any certificates are
installed and suggest installing them otherwise
Module is loaded automatically, use --disable-module to prevent this
C:\ProgramData\Duplicati\duplicati-2.0.5.1_beta_2020-01-18>Duplicati.CommandLine.exe help disable-module
--disable-module (String): Disables one or more modules
Supply one or more module names, separated by commas to unload them
C:\ProgramData\Duplicati\duplicati-2.0.5.1_beta_2020-01-18>
I was also trying to follow up on the @kenkendk thought (though I can’t personally add the easy fix).
AppleTLS stack is a more recent change (mono v5, minimum requirement for Duplicati 2.0.5.1 Beta):
The Mono.framework package that we distribute for macOS now uses the AppleTLS stack for implementing our SSL/TLS transport.
TLS 1.2 Support from Mono 4.8.0 Release Notes 22 Feb 2017 is where BTLS support came in, which caused the three-way potential split in certificate validation (mentioned in the X509Store issue above).
Thanks for this additional information. It seems to me that another “fix” would be to show the commands I used in the Warning message. The ones they show are for Linux systems and for Mac they say to read more.
The Read more looks like it means to point to new cert-sync command, which all directions use.
Two Linux directions have a local file available to give to cert-sync. For macOS, it’s a download.
I think the problem is figuring out which directions go with which OS. I guess it lost spaces below?