Unable to create SSL certificate using provided parameters. Exception detail: Unable to decode certificate

Ubuntu 23.04.
duplicati_2.0.7.1-1_all.deb
mono --version
Mono JIT compiler version 6.8.0.105 (Debian 6.8.0.105+dfsg-3.3 Wed Dec 14 17:29:20 UTC 2022)

/usr/bin/duplicati-server --webservice-interface=any --webservice-port=10443 --webservice-sslcertificatefile=/root/.config/Duplicati/keyStore.pfx --webservice-sslcertificatepassword=apassword

Setup with:

openssl req -x509 -newkey rsa:4096 -keyout myKey.pem -out cert.pem -days 3650 -nodes

openssl pkcs12 -export -out keyStore.pfx -inkey myKey.pem -in cert.pem

Verified with

openssl pkcs12 -in keyStore.pfx

which worked when I gave the password.

However, I get this error from duplicati:

/usr/bin/duplicati-server --webservice-interface=any --webservice-port=8443 --webservice-sslcertificatefile=/root/.config/Duplicati/keyStore.pfx --webservice-sslcertificatepassword=apassword
A serious error occurred in Duplicati: System.Exception: Unable to create SSL certificate using provided parameters. Exception detail: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: `MonoBtlsPkcs12.Import` failed.
  at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x00022] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x00033] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x00054] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00061] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
   --- End of inner exception stack trace ---
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x0009b] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.MonoBtlsProvider.GetNativeCertificate (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags flags) [0x00000] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.Btls.X509PalImplBtls.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00006] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00021] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00000] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00005] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00041] in <12b418a7818c4ca0893feeaaf67f1e7f>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00000] in <a85c1a570f9a4f9f9c3d2cfa5504e34f>:0
  at Duplicati.Server.WebServer.Server..ctor (System.Collections.Generic.IDictionary`2[TKey,TValue] options) [0x001c6] in <30a34d71126b48248d040dda634ddad9>:0
   --- End of inner exception stack trace ---
  at Duplicati.Server.WebServer.Server..ctor (System.Collections.Generic.IDictionary`2[TKey,TValue] options) [0x001f2] in <30a34d71126b48248d040dda634ddad9>:0
  at Duplicati.Server.Program.StartWebServer (System.Collections.Generic.Dictionary`2[TKey,TValue] commandlineOptions) [0x00000] in <30a34d71126b48248d040dda634ddad9>:0
  at Duplicati.Server.Program.RealMain (System.String[] _args) [0x00227] in <30a34d71126b48248d040dda634ddad9>:0

how did you get this outdated version ? following the official process to install Duplicati gets you 6.12.

I downloaded the deb and used apt-get install ./duplicati_2.0.7.1-1_all.deb

Apt automatically added the following dependencies on Ubuntu 23.04 (server edition) so I’d guess that the .deb dependency list doesn’t lock to a later version:

adwaita-icon-theme at-spi2-common ca-certificates-mono cli-common gtk-sharp2 gtk-sharp2-examples gtk-sharp2-gapi gtk-update-icon-cache humanity-icon-theme libappindicator0.1-cil libappindicator1 libatk1.0-0 libauthen-sasl-perl libdata-dump-perl libdbusmenu-glib4
libdbusmenu-gtk4 libencode-locale-perl libfile-listing-perl libfont-afm-perl libgail-common libgail18 libgdiplus libgif7 libglade2-0 libglade2.0-cil libglade2.0-cil-dev libglib2.0-cil libglib2.0-cil-dev libgtk2.0-0 libgtk2.0-bin libgtk2.0-cil libgtk2.0-cil-dev
libgtk2.0-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libio-html-perl libio-socket-ssl-perl
libjs-xmlextras liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libmono-2.0-1 libmono-2.0-dev libmono-accessibility4.0-cil libmono-btls-interface4.0-cil libmono-cairo4.0-cil libmono-cecil-private-cil libmono-cil-dev libmono-codecontracts4.0-cil
libmono-compilerservices-symbolwriter4.0-cil libmono-corlib4.5-cil libmono-corlib4.5-dll libmono-cscompmgd0.0-cil libmono-csharp4.0c-cil libmono-custommarshalers4.0-cil libmono-data-tds4.0-cil libmono-db2-1.0-cil libmono-debugger-soft4.0a-cil libmono-http4.0-cil
libmono-i18n-cjk4.0-cil libmono-i18n-mideast4.0-cil libmono-i18n-other4.0-cil libmono-i18n-rare4.0-cil libmono-i18n-west4.0-cil libmono-i18n4.0-all libmono-i18n4.0-cil libmono-ldap4.0-cil libmono-management4.0-cil libmono-messaging-rabbitmq4.0-cil
libmono-messaging4.0-cil libmono-microsoft-build-engine4.0-cil libmono-microsoft-build-framework4.0-cil libmono-microsoft-build-tasks-v4.0-4.0-cil libmono-microsoft-build-utilities-v4.0-4.0-cil libmono-microsoft-build4.0-cil libmono-microsoft-csharp4.0-cil
libmono-microsoft-visualc10.0-cil libmono-microsoft-web-infrastructure1.0-cil libmono-oracle4.0-cil libmono-parallel4.0-cil libmono-peapi4.0a-cil libmono-posix4.0-cil libmono-rabbitmq4.0-cil libmono-relaxng4.0-cil libmono-security4.0-cil libmono-sharpzip4.84-cil
libmono-simd4.0-cil libmono-smdiagnostics0.0-cil libmono-sqlite4.0-cil libmono-system-componentmodel-composition4.0-cil libmono-system-componentmodel-dataannotations4.0-cil libmono-system-configuration-install4.0-cil libmono-system-configuration4.0-cil
libmono-system-core4.0-cil libmono-system-data-datasetextensions4.0-cil libmono-system-data-entity4.0-cil libmono-system-data-linq4.0-cil libmono-system-data-services-client4.0-cil libmono-system-data-services4.0-cil libmono-system-data4.0-cil
libmono-system-deployment4.0-cil libmono-system-design4.0-cil libmono-system-drawing-design4.0-cil libmono-system-drawing4.0-cil libmono-system-dynamic4.0-cil libmono-system-enterpriseservices4.0-cil libmono-system-identitymodel-selectors4.0-cil
libmono-system-identitymodel4.0-cil libmono-system-io-compression-filesystem4.0-cil libmono-system-io-compression4.0-cil libmono-system-json-microsoft4.0-cil libmono-system-json4.0-cil libmono-system-ldap-protocols4.0-cil libmono-system-ldap4.0-cil
libmono-system-management4.0-cil libmono-system-messaging4.0-cil libmono-system-net-http-formatting4.0-cil libmono-system-net-http-webrequest4.0-cil libmono-system-net-http4.0-cil libmono-system-net4.0-cil libmono-system-numerics-vectors4.0-cil
libmono-system-numerics4.0-cil libmono-system-reactive-core2.2-cil libmono-system-reactive-debugger2.2-cil libmono-system-reactive-experimental2.2-cil libmono-system-reactive-interfaces2.2-cil libmono-system-reactive-linq2.2-cil
libmono-system-reactive-observable-aliases0.0-cil libmono-system-reactive-platformservices2.2-cil libmono-system-reactive-providers2.2-cil libmono-system-reactive-runtime-remoting2.2-cil libmono-system-reactive-windows-forms2.2-cil
libmono-system-reactive-windows-threading2.2-cil libmono-system-reflection-context4.0-cil libmono-system-runtime-caching4.0-cil libmono-system-runtime-durableinstancing4.0-cil libmono-system-runtime-serialization-formatters-soap4.0-cil
libmono-system-runtime-serialization4.0-cil libmono-system-runtime4.0-cil libmono-system-security4.0-cil libmono-system-servicemodel-activation4.0-cil libmono-system-servicemodel-discovery4.0-cil libmono-system-servicemodel-internals0.0-cil
libmono-system-servicemodel-routing4.0-cil libmono-system-servicemodel-web4.0-cil libmono-system-servicemodel4.0a-cil libmono-system-serviceprocess4.0-cil libmono-system-threading-tasks-dataflow4.0-cil libmono-system-transactions4.0-cil
libmono-system-web-abstractions4.0-cil libmono-system-web-applicationservices4.0-cil libmono-system-web-dynamicdata4.0-cil libmono-system-web-extensions-design4.0-cil libmono-system-web-extensions4.0-cil libmono-system-web-http-selfhost4.0-cil
libmono-system-web-http-webhost4.0-cil libmono-system-web-http4.0-cil libmono-system-web-mobile4.0-cil libmono-system-web-mvc3.0-cil libmono-system-web-razor2.0-cil libmono-system-web-regularexpressions4.0-cil libmono-system-web-routing4.0-cil
libmono-system-web-services4.0-cil libmono-system-web-webpages-deployment2.0-cil libmono-system-web-webpages-razor2.0-cil libmono-system-web-webpages2.0-cil libmono-system-web4.0-cil libmono-system-windows-forms-datavisualization4.0a-cil
libmono-system-windows-forms4.0-cil libmono-system-windows4.0-cil libmono-system-workflow-activities4.0-cil libmono-system-workflow-componentmodel4.0-cil libmono-system-workflow-runtime4.0-cil libmono-system-xaml4.0-cil libmono-system-xml-linq4.0-cil
libmono-system-xml-serialization4.0-cil libmono-system-xml4.0-cil libmono-system4.0-cil libmono-tasklets4.0-cil libmono-webbrowser4.0-cil libmono-webmatrix-data4.0-cil libmono-windowsbase4.0-cil libmono-xbuild-tasks4.0-cil libmonosgen-2.0-1 libmonosgen-2.0-dev
libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libnunit-cil-dev libnunit-console-runner2.6.3-cil libnunit-core-interfaces2.6.3-cil libnunit-core2.6.3-cil libnunit-framework2.6.3-cil libnunit-mocks2.6.3-cil libnunit-util2.6.3-cil libtimedate-perl
libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl libxcomposite1 libxcursor1 libxdamage1 libxi6 libxinerama1 libxml-libxml-perl libxml-namespacesupport-perl libxml-parser-perl libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl libxrandr2
mono-4.0-gac mono-csharp-shell mono-devel mono-gac mono-mcs mono-runtime mono-runtime-common mono-runtime-sgen mono-xbuild mono-xsp4 mono-xsp4-base monodoc-base monodoc-gtk2.0-manual monodoc-http monodoc-manual perl-openssl-defaults ubuntu-mono

Since my version of Ubuntu is EoL I’m going to update my distro and configure 23.10 to pull the latest mono from Microsoft.

Also doing a reinstall of Duplicati.

There is a documentation for Duplicati, see it here:

Upgraded to 23.10. Used the instructions at Duplicati 2 User’s Manual, but the following errors were encountered:

$ sudo apt install mono-devel gtk-sharp2 libappindicator0.1-cil libmono-2.0-1
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
mono-devel is already the newest version (6.12.0.200-0xamarin2+ubuntu2004b1).
gtk-sharp2 is already the newest version (2.12.45-0xamarin19+ubuntu2004b1).
libappindicator0.1-cil is already the newest version (12.10.1+20.10.20200706.1-0ubuntu1).
libmono-2.0-1 is already the newest version (6.12.0.200-0xamarin2+ubuntu2004b1).
You might want to run ‘apt --fix-broken install’ to correct these.
The following packages have unmet dependencies:
monodoc-http : Depends: mono-xsp4 but it is not going to be installed or
mono-apache-server4 but it is not going to be installed or
mono-fastcgi-server4 but it is not going to be installed
E: Unmet dependencies. Try ‘apt --fix-broken install’ with no packages (or specify a solution).
$ sudo apt --fix-broken install
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
Correcting dependencies… Done
The following additional packages will be installed:
mono-xsp4
The following NEW packages will be installed:
mono-xsp4
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
231 not fully installed or removed.
Need to get 0 B/62.3 kB of archives.
After this operation, 164 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Preconfiguring packages …
(Reading database … 154602 files and directories currently installed.)
Preparing to unpack …/mono-xsp4_4.7.1-0xamarin3+ubuntu2004b1_all.deb …
Failed to stop mono-xsp4.service: Unit mono-xsp4.service not loaded.
invoke-rc.d: initscript mono-xsp4, action “stop” failed.
dpkg: error processing archive /var/cache/apt/archives/mono-xsp4_4.7.1-0xamarin3+ubuntu2004b1_all.deb (–unpack):
new mono-xsp4 package pre-installation script subprocess returned error exit status 5
Errors were encountered while processing:
/var/cache/apt/archives/mono-xsp4_4.7.1-0xamarin3+ubuntu2004b1_all.deb
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

Backed out changes with

sudo dpkg --configure -a

sudo apt-get purge -y monodoc-manual  monodoc-gtk2.0-manual gtk-sharp2 monodoc-http

sudo  apt-get purge ubuntu-mono -y

Decided to try a clean start again.

sudo apt-get purge -y mono-4.0-gac

sudo apt-get autoremove -y

sudo apt-get purge -y mono-xsp4 mono-llvm-tools
sudo apt-get purge -y libmono-2.0-1 libmonosgen-2.0-1
sudo apt-get autoremove -y

$ dpkg --get-selections | grep mono
fonts-dejavu-mono                               install
fonts-noto-mono                                 install

Used the mono instructions at Download - Stable | Mono
I used the Ubuntu 20.04 instructions, but my OS was 23.10:

sudo apt install ca-certificates gnupg
sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mono-official-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb [signed-by=/usr/share/keyrings/mono-official-archive-keyring.gpg] https://download.mono-project.com/repo/ubuntu stable-focal main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
sudo apt update

sudo apt install mono-complete

mono --version
Mono JIT compiler version 6.12.0.200 (tarball Tue Jul 11 21:37:50 UTC 2023)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
        TLS:           __thread
        SIGSEGV:       altstack
        Notifications: epoll
        Architecture:  amd64
        Disabled:      none
        Misc:          softdebug
        Interpreter:   yes
        LLVM:          yes(610)
        Suspend:       hybrid
        GC:            sgen (concurrent by default)

The install of duplicati on Ubuntu 23.10:

# sudo apt-get install ./duplicati_2.0.7.1-1_all.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'duplicati' instead of './duplicati_2.0.7.1-1_all.deb'
The following additional packages will be installed:
  adwaita-icon-theme at-spi2-common gtk-sharp2 gtk-sharp2-examples gtk-sharp2-gapi gtk-update-icon-cache humanity-icon-theme libappindicator0.1-cil libappindicator1 libatk1.0-0 libauthen-sasl-perl libdata-dump-perl libdbusmenu-glib4 libdbusmenu-gtk4
  libencode-locale-perl libfile-listing-perl libfont-afm-perl libgail-common libgail18 libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 libglade2-0 libglade2.0-cil libglade2.0-cil-dev libglib2.0-cil libglib2.0-cil-dev libgtk2.0-0 libgtk2.0-bin libgtk2.0-cil
  libgtk2.0-cil-dev libgtk2.0-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libio-html-perl
  libio-socket-ssl-perl liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libtimedate-perl libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl libxcomposite1 libxcursor1 libxdamage1
  libxi6 libxinerama1 libxml-libxml-perl libxml-namespacesupport-perl libxml-parser-perl libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl libxrandr2 monodoc-gtk2.0-manual perl-openssl-defaults ubuntu-mono
Suggested packages:
  indicator-application libdigest-hmac-perl libgssapi-perl gvfs libio-compress-brotli-perl libcrypt-ssleay-perl libsub-name-perl libbusiness-isbn-perl libregexp-ipv6-perl libauthen-ntlm-perl libxml-sax-expatxs-perl debhelper
The following NEW packages will be installed:
  adwaita-icon-theme at-spi2-common duplicati gtk-sharp2 gtk-sharp2-examples gtk-sharp2-gapi gtk-update-icon-cache humanity-icon-theme libappindicator0.1-cil libappindicator1 libatk1.0-0 libauthen-sasl-perl libdata-dump-perl libdbusmenu-glib4 libdbusmenu-gtk4
  libencode-locale-perl libfile-listing-perl libfont-afm-perl libgail-common libgail18 libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 libglade2-0 libglade2.0-cil libglade2.0-cil-dev libglib2.0-cil libglib2.0-cil-dev libgtk2.0-0 libgtk2.0-bin libgtk2.0-cil
  libgtk2.0-cil-dev libgtk2.0-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libio-html-perl
  libio-socket-ssl-perl liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libtimedate-perl libtry-tiny-perl liburi-perl libwww-perl libwww-robotrules-perl libxcomposite1 libxcursor1 libxdamage1
  libxi6 libxinerama1 libxml-libxml-perl libxml-namespacesupport-perl libxml-parser-perl libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl libxrandr2 monodoc-gtk2.0-manual perl-openssl-defaults ubuntu-mono
0 upgraded, 70 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.5 MB/42.5 MB of archives.
After this operation, 139 MB of additional disk space will be used.
Do you want to continue? [Y/n]

cd ~/.config/Duplicati

openssl req -x509 -newkey rsa:4096 -nodes -out cert.crt -keyout cert.key -days 3653 -subj "/CN=localhost"

openssl pkcs12 -export -out keyStore.p12 -inkey cert.key -in cert.crt -password pass:password

sudo sed -i 's/DAEMON_OPTS=""/DAEMON_OPTS="--webservice-interface=any --webservice-port=9443 --webservice-sslcertificatefile=\/root\/.config\/Duplicati\/keyStore.p12 --webservice-sslcertificatepassword=password"/' /etc/default/duplicati

systemctl enable duplicati
systemctl start duplicati
systemctl status duplicati

Still a failure to decode:

# /usr/bin/duplicati-server --webservice-interface=any --webservice-port=9443 --webservice-sslcertificatefile=/root/.config/Duplicati/keyStore.p12 --webservice-sslcertificatepassword=password
A serious error occurred in Duplicati: System.Exception: Unable to create SSL certificate using provided parameters. Exception detail: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: Unable to decode certificate. ---> System.Security.Cryptography.CryptographicException: `MonoBtlsPkcs12.Import` failed.
  at Mono.Btls.MonoBtlsObject.CheckError (System.Boolean ok, System.String callerName) [0x0003b] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.MonoBtlsObject.CheckError (System.Int32 ret, System.String callerName) [0x00000] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.MonoBtlsPkcs12.Import (System.Byte[] buffer, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0002e] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.X509CertificateImplBtls.ImportPkcs12 (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password) [0x0003e] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00047] in <a8a996a78a804d888710c9e2575d78c8>:0
   --- End of inner exception stack trace ---
  at Mono.Btls.X509CertificateImplBtls..ctor (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00076] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.MonoBtlsProvider.GetNativeCertificate (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags flags) [0x00000] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.Btls.X509PalImplBtls.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00006] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00017] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) [0x00000] in <a8a996a78a804d888710c9e2575d78c8>:0
  at System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00005] in <d636f104d58046fd9b195699bcb1a744>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x0003e] in <d636f104d58046fd9b195699bcb1a744>:0
  at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) [0x00000] in <a8a996a78a804d888710c9e2575d78c8>:0
  at Duplicati.Server.WebServer.Server..ctor (System.Collections.Generic.IDictionary`2[TKey,TValue] options) [0x001c6] in <30a34d71126b48248d040dda634ddad9>:0
   --- End of inner exception stack trace ---
  at Duplicati.Server.WebServer.Server..ctor (System.Collections.Generic.IDictionary`2[TKey,TValue] options) [0x001f2] in <30a34d71126b48248d040dda634ddad9>:0
  at Duplicati.Server.Program.StartWebServer (System.Collections.Generic.Dictionary`2[TKey,TValue] commandlineOptions) [0x00000] in <30a34d71126b48248d040dda634ddad9>:0
  at Duplicati.Server.Program.RealMain (System.String[] _args) [0x00227] in <30a34d71126b48248d040dda634ddad9>:0

# openssl version
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)


# mono --version
Mono JIT compiler version 6.12.0.200 (tarball Tue Jul 11 21:37:50 UTC 2023)

Using Ubuntu 23.10.

this is an OpenSSL 3 compatibility problem. SSL support by Mono is an old thing and not updated anymore. If you want to use a ‘protected’ pkcs12, you’ll need to use openssl 1.1.1 to generate it.

Mono cannot install and parse x.509 certificate that created by OpenSSL 3.0 toolkit #21565
suggests using -legacy which seems to help. I’m not an expert and haven’t tested it much.