Hi there,
I´m runnig Duplicati on Cent OS 8 Stream and I´m a little bit unsure how to update Duplicati. Is there a repository I can add to my package manager? Or is it best to download the latest package manually and install it? In this case - what happens to my configuration?
Thx 
Hello
There is an automatic update feature in the Web UI.
Never heard of a Centos repo for Duplicati, so guess not.
Your configuration should be kept.
Hey,
thx for the fast replay. Not sure how to quote here, but:
There is an automatic update feature in the Web UI.
It´s broken (“error in updater”) // 2.0.6.3_beta_2021-06-17. So just download the package manually?
System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
at /builddir/build/BUILD/mono-6.12.0.107/external/boringssl/ssl/handshake_client.c:1132
at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00048] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
--- End of inner exception stack trace ---
at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
--- End of inner exception stack trace ---
at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebOperation.Run () [0x0009a] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebCompletionSource`1[T].WaitForCompletion () [0x00094] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task`1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func`1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.HttpWebRequest.GetResponse () [0x00016] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebClient.GetWebResponse (System.Net.WebRequest request) [0x00000] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebClient.DownloadBits (System.Net.WebRequest request, System.IO.Stream writeStream) [0x000e6] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebClient.DownloadFile (System.Uri address, System.String fileName) [0x00088] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at System.Net.WebClient.DownloadFile (System.String address, System.String fileName) [0x00008] in <5ac5513a1ab7495cab9a4cbe1e35d78f>:0
at (wrapper remoting-invoke-with-check) System.Net.WebClient.DownloadFile(string,string)
at Duplicati.Library.AutoUpdater.UpdaterManager.CheckForUpdate (Duplicati.Library.AutoUpdater.ReleaseType channel) [0x000ee] in <8d4cb1693e00483189d3952c3f0ed20f>:0
Can’t Centos 8 do better than that ? This was published in oct 2020. On my (K)ubuntu 22.04 mono is at 6.12.0.200 that was published in July 2023. Certificates are moving fast.
Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2 is probably the problem.
Although your OS is maybe on 1.1.1, mono’s SSL is BoringSSL forked at OpenSSL 1.0.2.
Some vendors have (over time) removed the offending certificate. Maybe yours has not…
Please make sure the OS certificates are up to date, but you might need manual removal.
The error will find scattered OS-dependent methods, and I’m not sure what fits yours best.
The ideal solution would be resistant to a future OS update (not) helpfully undoing remove.
Http send report errors / duplicati-monitoring is midway in one discussion that might assist.
RHEL/CentOS 7 Fix for Let’s Encrypt Change came up somehow when I was fishing for CentOS 8.
There are manual steps then a claimed update for 7 that avoids them. I don’t know the history for 8.
…or I didn’t, but I found more starting from an interesting article on the general certificates situation.
The RHEL root trust store and why it matters for security
Although Red Hat information is more login-only than before, this change might be relevant. Have it?
Bug 2118463 - Expiring O = Digital Signature Trust Co., CN = DST Root CA X3 [rhel-8.6.0.z]
RHBA-2022:6459 - Bug Fix Advisory
FAQ: Security gives a method of testing if mono can get to a site. Test https://updates.duplicati.com.
Because I think Duplicati’s sites use Let’s Encrypt, it may fail until that certificate removal gets done.