Seaf-cli Linux seaf-cli ssl error

Hello, I’m using
seafile server version: 7.010
seafile client version 8.04

When I try to use the seaf-cli to list the remote libraries using the following command:

/usr/bin/seaf-cli list-remote -s https://server.example.com/seafile -u USER -p PASSWORD -c /autosync/.ccnet/

I end up with the following error message.

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)>

This has been working in the past.

Accessing the web interface shows the correct certificate, i.e. no SSL error; however, using the command:

curl https://server.example.com/seafile
curl: (60) SSL certificate problem: certificate has expired

I get “certificate expired”

I’m running nginx

curl --insecure -I https://server.example.com/seafile
HTTP/1.1 301 Moved Permanently
Date: Mon, 25 Oct 2021 16:04:08 GMT
Server: nginx/1.14.0 (Ubuntu)
Strict-Transport-Security: max-age=10886400
Content-Type: text/html; charset=utf-8
Vary: Accept-Language,Cookie
Location: /seafile/
Content-Language: en
Via: 1.1 server.safeback.com

Where do I need to look to fix this issue?


Looks like your server certificate has expired (exactly like the message says! :wink: ) You might want to check it. Please see:

https://learn.akamai.com/en-us/webhelp/enterprise-application-access/enterprise-application-access/GUID-9D88336D-2733-4325-913C-916403E03D48.html

Hello,
thanks for your response. I don’t believe it is an expired certificate, the reason being that if I browse to https://server.eample.com/seafile I don’t get an “expired certificate” notification.

However I did run the command you suggested:

openssl s_client -servername -connect :443 2>/dev/null | openssl x509 -noout -dates

and I get the following responses:

unable to load certificate
139935979663424:error:0906D06C:PEM routines:PEM_read_bio:no start line:…/crypto/pem/pem_lib.c:686:Expecting: TRUSTED CERTIFICATE

I’m using Let’s Encrypt certificates.

Any thoughts?

Thanks
Alex

My best guess is that this is your problem: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Depending on your client system you may need to update your ssl libraries and/or remove the old root certificate/install the new root certificate. Google is your friend.

P.S.: Your browser uses the internal root certificates and not the root certificates from the system.
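An added example, not part of the thread and not Seafile's code: seaf-cli fails inside Python's urllib, which validates against the system trust store rather than the browser's, so this sketch audits a CA bundle for the two roots involved in the Let's Encrypt change linked above. The bundle path (Debian/Ubuntu layout), the function names and the sample store are assumptions made for illustration.

```python
import ssl
import time

# Assumed path: the Debian/Ubuntu system bundle; adjust for other distros.
DEFAULT_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"


def common_name(cert):
    """Return the subject commonName from a get_ca_certs()-style dict."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def audit_roots(ca_certs, now=None):
    """Report expired roots and presence of the old and new Let's Encrypt roots."""
    now = time.time() if now is None else now
    names, expired = set(), []
    for cert in ca_certs:
        cn = common_name(cert) or "<no CN>"
        names.add(cn)
        # notAfter uses the "Sep 30 14:01:15 2021 GMT" form the ssl module emits.
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append(cn)
    return {
        "has_isrg_root_x1": "ISRG Root X1" in names,
        "has_dst_root_ca_x3": "DST Root CA X3" in names,
        "expired": sorted(expired),
    }


def load_bundle(path=DEFAULT_BUNDLE):
    """Load a PEM bundle and return its CA entries as dicts."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()


# Constructed sample: an outdated store that only knows the old root.
SAMPLE_OLD_STORE = [
    {"subject": ((("organizationName", "Digital Signature Trust Co."),),
                 (("commonName", "DST Root CA X3"),)),
     "notAfter": "Sep 30 14:01:15 2021 GMT"},
]

if __name__ == "__main__":
    print(audit_roots(load_bundle()))
```

A result with has_isrg_root_x1 false, or with DST Root CA X3 listed under expired, points at the client's trust store or SSL library rather than at the server certificate.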