Re: deskutils/nextcloudclient Cannot connect securely to

From: Guido Falsi <>
Date: Mon, 25 Oct 2021 07:51:12 UTC
On 25/10/21 08:14, Per olof Ljungmark wrote:
> FreeBSD 12-STABLE from Oct 15
> nextcloudclient 3.3.5
> I get popup messages from the client stating "Untrusted Certificate 
> Cannot connect securely to [server-name]".
> Browser access to the server is fine, no errors.
> Using truss, it seems it looks for and finds
> fstatat(AT_FDCWD,"/etc/ssl/certs//2e5ac55d.0",{ mode=-r--r--r-- 
> ,inode=192371,size=4665,blksize=5120 },0x0) = 0 (0x0)
> open("/etc/ssl/certs//2e5ac55d.0",O_RDONLY,0666) = 106535 (0x1a027)
> But 2e5ac55d.0 (DST_Root_CA_X3.pem) has expired.
> It also looks for 8d33f237.0, but it does not exist:
> fstatat(AT_FDCWD,"/etc/ssl/certs//8d33f237.0",0x7fffdf5f70a0,0x0) ERR#2 
> 'No such file or directory'
> How do I convince it to instead look for 4042bcee.0 which is the 
> ISRG_Root_X1.pem used by Letsencrypt?


What version of openssl are you using? versions before 1.1.0 show this 

Maybe a possible workaround is to manually remove the expired 
certificate from the list of trusted ones.

I guess you are using the ones installed by security/ca_root_nss, in 
which case you'll need to modify their list.

Guido Falsi <>