That does sound really strange. The stack trace does not really explain which part of the code is currently running. If you get the problem again, try running something like:
nslookup duplicati-oauth-handler.appspot.com
This gives the IP of the server that handles the login, and you can try to ping it, to see if it responds to pings:
So finally circled back to this. I think the root cause was running an old version of mono (4.x) on Ubuntu 16.04 I updated to the latest version from the mono project repo and everything “just works”. It appears most of the problems were caused by the lack of a cert store in the 4.x mono install.
While I agree that would be nice to have, it would require keeping up on mono versions to know if mono was “out of date”. I was thinking more along the lines of a warning if the mono version was older than the minimum version known to work well with Duplicati.
Of course I’m no Linux expert so it’s possible the issue is less mono version than the SSL certificates that come with the various versions…
Right, that is what I meant, just a “you’re on an unsupported version”.
I think it was an issue with how Mono 4.x resolved SSL certs. I updated the local cert store and verified it contained the right parent certs. I had found a bunch of posts across mono projects about versions before mono 5 having issues with SSL certs.
Each version has quirks, but basically, Duplicati works with Mono as old as 3.0.
The problem is the SSL certificates are not updated, and they are not even updated in the new 5.x versions, but the tool cert-sync is run as part of the install/update. This is a bad fix, as it will eventually be out-of-sync with the OS cert store, and cause problems. (4.x uses Mozilla’s cert store, and needs the tool mozroots.exe to sync the Mono store).
I suspect that the Mono team tries to get it working for all distros and that is why they chose an external tool, instead of hooking directly into the cert store.
Anyway, there is a check that lists all Mono’s certificates, and if this is empty it will show a message suggesting to run cert-sync, but I guess it is not working as expected in al cases.