Warning - No Certificates Found

Backup is working, but I get the following warning:

2020-04-17 16:08:33 -04 - [Warning-Duplicati.Library.Modules.Builtin.CheckMonoSSL-MissingCerts]: No certificates found, you can install some with one of these commands: cert-sync /etc/ssl/certs/ca-certificates.crt #for Debian based systems cert-sync /etc/pki/tls/certs/ca-bundle.crt #for RedHat derivatives curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS Read more: http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync

Backup target is an external (SFTP) SSH target. Not sure why this is needed since the target isn’t an S3 cloud provider.

Mono version: 6.6.0.161
Duplicati version: 2.0.5.1
Gentoo

It looks like it does this check regardless of what back end you’re using. Even though you aren’t using TLS, the most straightforward way to get rid of this error is to just install the certs per the recommendation.

You’re right, I don’t like it, but you were right.

1 Like

Even if you don’t utilize a back end that implements TLS, I’m thinking the certs are useful for other reasons: autoupdater, sending reports to secure https, sending email alerts to TLS-enabled mail services, etc.

Can someone help me on macOS Big Sur… the instructions seem to cut off too soon…

1 Like

@Roger_Peters - same for me here. Got a new Mac mini M1.

The mentioned cmd for the terminal doesn’t work. Can anybody help us out?

curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   299  100   299    0     0    148      0  0:00:02  0:00:02 --:--:--   148
Mono Certificate Store Sync - version 6.12.0.0
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

No certificates were found.

:face_with_monocle: Any developers available?
It’s not optimal providing wrong/outdated installation advisories.

What does “cut off too soon mean”? Does it mean you wound up at

Look at cacert.pem file that you downloaded. If it looks like the below, try again with new URL it gave.

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://curl.se/ca/cacert.pem">here</a>.</p>
<hr>
<address>Apache Server at curl.haxx.se Port 80</address>
</body></html>

My guess is that the world changed after Duplicati was released, but testing is needed to confirm fix.

The journey to a curl domain

Starting on November 4, 2020 curl.se is the new official home site for the curl project. The curl.haxx.se name will of course remain working for a long time more and I figure we can basically never shut it down as there are so many references to it spread out over the world. I intend to eventually provide redirects for most things from the old name to the new.

The problem with redirects is that curl doesn’t follow them unless the -L or --location option is given.
That can be tried instead of changing the original URL. Maybe as people try this, say which you used.

FAQ: Security from the Mono project shows how to check certificates without Duplicati, but also says:

(Recommended) Starting with Mono 3.12.0 a new tool called cert-sync is included which syncs Mono’s certificate store with the system certificate store. It should run automatically when you install the official Mono packages. Make sure the ca-certificates-mono package is installed.

so a question would be how you installed Mono. I can’t help much on directions, as I don’t have a Mac.

The Mono project references are probably referring to their own Download page. Maybe a third option.

Make sure that the mono you got or macOS gave is at least version 5 (soon 5.10) in mono --version.