I am attempting to back up two Windows 10 computers to a Synology NAS via WebDAV.
I have enabled the “accept all certificates” option to see if it would help, but it hasn’t solved the problem.
It works maybe 10% of the time, but most of the time it fails with something like:
Failed: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Details: System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at Duplicati.Library.Main.Operation.FilelistProcessor.RemoteListAnalysis(BackendManager backend, Options options, LocalDatabase database, IBackendWriter log, String protectedfile)
at Duplicati.Library.Main.Operation.FilelistProcessor.VerifyRemoteList(BackendManager backend, Options options, LocalDatabase database, IBackendWriter log, String protectedfile)
at Duplicati.Library.Main.Operation.BackupHandler.Run(String sources, IFilter filter)
at Duplicati.Library.Main.Controller.<>c__DisplayClass16_0.<Backup>b__0(BackupResults result)
at Duplicati.Library.Main.Controller.RunAction[T](T result, String& paths, IFilter& filter, Action`1 method)
Yep, with SSL enabled I get the underlying connection closed and other error messages most of the time. Occasionally it works, which to me is strange. SSL is currently disabled and it works 100% of the time.
I’m using the default cert on my Synology NAS. It is basically a self-signed cert.
When I first tried setting this up, I trusted only its hash. I had the problem so I changed it to accept all certs to see if it would help.
I could try generating my own cert and trying again with just the hash, if you think it might make a difference. I typically use openssl to generate… RSA 4096-bit w/ SHA256 hash. Let me know if there are any gotchas with the params used to generate a cert.
There is a known problem in the beta (fixed in latest canary) that the tray-icon runs in the same process as the backup jobs, and uses the same methods. This means that each time the tray-icon performs a request to see if the icon should be updated, it will reset the ssl settings for the running backup.
You can either start the trayicon itself with --accept-any-ssl-certificate and also set the job up with this, or try the latest canary build.
I’m still running 220.127.116.11_beta_2017-08-01 on all the machines. I added the --accept-specified-ssl-hash option to the backup set definition and also to the command line for the initial launch of the GUI process. It was that second part that solved it…