I recently installed 3 backup jobs to Box Drive, MS OneDrive and Google Drive. After help from ts678 I am able to run these successfully with no errors but I get Cert warnings on all three. I’ve researched and found several Mac Terminal commands that seem to have worked for others but when I try them I get “Option or File not found” errors. I found a program to update certificates to 2034 that ran successfully but I continue to get these warnings after each backup.
I am not very familiar with Terminal command syntax but am willing to try.
I should have said Cert Warning (not error). After the backup completes successfully I get the following Warning for all cloud backups:
2020-04-08 11:41:03 -05 - [Warning-Duplicati.Library.Modules.Builtin.CheckMonoSSL-MissingCerts]: No certificates found, you can install some with one of these commands: cert-sync /etc/ssl/certs/ca-certificates.crt #for Debian based systems cert-sync /etc/pki/tls/certs/ca-bundle.crt #for RedHat derivatives curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS Read more: http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync
I belive mozroots.exe has been deprecated and replaced by Cert-Sync in Mono. If I enter the command indicated in the message “cert-sync /etc/pki/tls/certs/ca-bundle.crt” I get a File not Found error for the part after Cert-Sync. Cert-Sync by itself seems to run but nothing happens and I still get the Warnings.
It should not be a warning. I think mono has changed the strategy around certificates slightly, so if the backup completes it makes not sense to warn about missing certificates (either they exist, or they are not required).
An easy fix would be to remove the warning emitted from Duplicati in the next release.
On Mac if you compiled and installed Mono from source (i.e. you don’t have access to the Apple TLS implementation), you can use cert-sync to populate the Mono certificate stores with CA certificates from the curl maintainers which are based on Mozilla’s trusted CA list:
I’m curious if you fall into this case. Possibly brew install mono would be a compile from source. Possibly the reason Duplicati sees little of this is that maybe others downloaded from mono-project.
Although you don’t need it now, one other possible workaround to end the noise might be based on:
C:\ProgramData\Duplicati\duplicati-184.108.40.206_beta_2020-01-18>Duplicati.CommandLine.exe help check-mono-ssl
Check for SSL certificates (check-mono-ssl):
When running with Mono, this module will check if any certificates are
installed and suggest installing them otherwise
Module is loaded automatically, use --disable-module to prevent this
C:\ProgramData\Duplicati\duplicati-220.127.116.11_beta_2020-01-18>Duplicati.CommandLine.exe help disable-module
--disable-module (String): Disables one or more modules
Supply one or more module names, separated by commas to unload them
I was also trying to follow up on the @kenkendk thought (though I can’t personally add the easy fix).
Thanks for this additional information. It seems to me that another “fix” would be to show the commands I used in the Warning message. The ones they show are for Linux systems and for Mac they say to read more.