Ok… finally managed to fix it for my container.
It seems there was a .mono folder with certificates on the /data volume mounted in the container.
I removed that folder and then ran the commands referenced in the post of @drwtsn32 and now it seems to work. I guess there was some left over stuff from trying to get it to work. Didn’t anticipate it being in the data volume.
root@server:/root# docker exec -ti -u root duplicati bash
root@1ac12dc7cd9b:/# csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com")'
System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /build/mono-6.12.0.107/external/boringssl/ssl/handshake_client.c:1132
...
root@1ac12dc7cd9b:/# apt-get update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://security.debian.org/debian-security buster/updates/main amd64 Packages [309 kB]
Get:4 https://download.mono-project.com/repo/debian stable-buster/snapshots/6.12.0.107 InRelease [5888 B]
Get:6 http://deb.debian.org/debian buster/main amd64 Packages [7906 kB]
Get:7 https://download.mono-project.com/repo/debian stable-buster/snapshots/6.12.0.107/main amd64 Packages [48.8 kB]
Get:8 http://deb.debian.org/debian buster-updates/main amd64 Packages [15.2 kB]
Fetched 8524 kB in 3s (3297 kB/s)
Reading package lists... Done
W: Conflicting distribution: https://download.mono-project.com/repo/debian stable-buster/snapshots/6.12.0.107 InRelease (expected stable-buster/snapshots/6.12.0.107 but got buster)
root@1ac12dc7cd9b:/# apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20200601~deb10u2).
ca-certificates set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
root@1ac12dc7cd9b:/# rm -f /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
root@1ac12dc7cd9b:/# update-ca-certificates
Updating certificates in /etc/ssl/certs...
W: /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt not found, but listed in /etc/ca-certificates.conf.
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Updating Mono key store
Mono Certificate Store Sync - version 6.12.0.107
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
Importing into legacy system store:
I already trust 137, your new list has 136
1 previously trusted certificates were removed.
Certificate removed: O=Digital Signature Trust Co., CN=DST Root CA X3
Import process completed.
Importing into BTLS system store:
I already trust 137, your new list has 136
1 previously trusted certificates were removed.
Certificate removed: O=Digital Signature Trust Co., CN=DST Root CA X3
Import process completed.
Done
done.
root@1ac12dc7cd9b:/$ csharp -e 'new System.Net.WebClient ().DownloadString ("https://api.backblazeb2.com/")'
"<!DOCTYPE html>
<html lang="en">
<head>
...