I and others are getting certificate errors in Linux preventing access to upload/download.
See Problems and bug reports thread SSH-Error - no updates possible.

I have lots of units that will time out tonight/Saturday if not uploaded.

---

Paul.

Looks like the intermediate cert isn't being sent by the server

I think, on Ubuntu 24.04 host, I have something like 174 completed units waiting for upload due to this problem.

It also won't let us get new WU's. So like, total shutdown.
Or Einstein@Home...

It also won't let us get new WU's. So like, total shutdown.
.

There's no more work anyway, so don't lose any sleep over that

You can download the interme. Certificate.

I found it on a server of the university of Münster (Germany)
https://www.uni-muenster.de/CA/de/cacerts.shtml

Debian:
1. go to /usr/share/ca-certificates
2. create a subfolder: ex. 3rd-party
3. download cert: wget https://www.uni-muenster.de/CA/harica-rsa-server-2025.crt
4. dpkg-reconfigure ca-certificates -> Choose Ask, set a mark on 3rd-party/harica-rsa-server-2025.crt and press OK

curl and boinc access are working again.

Edit: Orginal Cert: https://repo.harica.gr/rep_dyn.php

Thanks for that, needed re-boot to work.
Would BOINC re-start be enough?
2nd PC has long tasks with no checkpoint so harder to schedule.

I did:
paul@8NUC:/usr/share/ca-certificates/3rd$ sudo wget https://www.uni-muenster.de/CA/harica-rsa-server-2025.crt
--2025-09-21 17:50:21-- https://www.uni-muenster.de/CA/harica-rsa-server-2025.crt
Resolving www.uni-muenster.de (www.uni-muenster.de)... 128.176.6.250, 2001:4cf0:2:20::80b0:6fa
Connecting to www.uni-muenster.de (www.uni-muenster.de)|128.176.6.250|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2147 (2.1K)
Saving to: ‘harica-rsa-server-2025.crt’

harica-rsa-server-2025.crt 100%[=====================================================================================================================>] 2.10K --.-KB/s in 0s

2025-09-21 17:50:21 (190 MB/s) - ‘harica-rsa-server-2025.crt’ saved [2147/2147]

paul@8NUC:/usr/share/ca-certificates/3rd$ sudo dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
rehash: warning: skipping duplicate certificate in Go_Daddy_Class_2_CA.pem
1 added, 0 removed; done.
Processing triggers for ca-certificates (20240203~20.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
paul@8NUC:/usr/share/ca-certificates/3rd$ openssl s_client -showcerts -connect asteroidsathome.net:443
CONNECTED(00000003)
depth=2 C = GR, O = Hellenic Academic and Research Institutions CA, CN = HARICA TLS RSA Root CA 2021
verify return:1
depth=1 C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify return:1
depth=0 C = CZ, ST = Hlavn\C3\AD m\C4\9Bsto Praha, L = Praha 1, O = Univerzita Karlova, CN = www.asteroidsathome.net
verify return:1
---
Certificate chain
0 s:C = CZ, ST = Hlavn\C3\AD m\C4\9Bsto Praha, L = Praha 1, O = Univerzita Karlova, CN = www.asteroidsathome.net
i:C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1

---

Paul.

You're welcome.

Normaly no reboot needed. Only mark the certificate as trusted and you good to go.

Confirmed no restart required, may have needed a moment or 2 to pick up change.

---

Paul.

Tried it on Ubuntu - all responses positive. Thanks.
Just have to wait for some new WUs

When I tried to follow this advice I got a long list of other certificates that were also selected. I assume these are in /usr/share/ca-certificates/mozilla. Should these be deselected or left selected in order to just add the new certificate from www.uni-muenster.de? What is the correct way to remove the new certificate?

I just left them, they were there already so no harm re-doing.

---

Paul.

Will there be on official fix?

Not everyone is comfortable making this sort of change.

---

Paul.

This is affecting Android too being a derivative of a linux.

Not sure if rooting would be needed even if I got into the subsystem.

Will there be on official fix?

Not everyone is comfortable making this sort of change.

It's just a work-around.
The server operator need to handle out the interm. certifcate via webserver. When it's done it's a transparent process with no additonal "tweaks".

I followed this tutorial for installing certs on android
https://www.ssl2buy.com/wiki/how-to-install-ssl-certificate-on-android

but the cert that was used on desktop using curl didnt work

Will there be on official fix?

Not everyone is comfortable making this sort of change.

It's just a work-around.
The server operator need to handle out the interm. certifcate via webserver. When it's done it's a transparent process with no additonal "tweaks".

I think the question was more specific. Is there anything we can do to call the sysadmin's attention to this problem. Obviously, it isn't on someone's radar.

I have sent a PM asking if they are aware.

---

Paul.

9166 Asteroids@home 9/24/2025 9:30:27 AM Sending scheduler request: Requested by user.
9167 Asteroids@home 9/24/2025 9:30:27 AM Not requesting tasks: too many uploads in progress
9168 9/24/2025 9:30:28 AM Project communication failed: attempting access to reference site
9169 Asteroids@home 9/24/2025 9:30:28 AM Scheduler request to http://asteroidsathome.net/boinc_cgi/cgi failed: SSL peer certificate or SSH remote key was not OK
9170 9/24/2025 9:30:29 AM Internet access OK - project servers may be temporarily down.
9171 Asteroids@home 9/24/2025 9:31:44 AM Fetching scheduler list
9172 9/24/2025 9:31:46 AM Project communication failed: attempting access to reference site
9173 Asteroids@home 9/24/2025 9:31:46 AM Scheduler list fetch from https://asteroidsathome.net/boinc/ failed: transient HTTP error
9174 9/24/2025 9:31:47 AM Internet access OK - project servers may be temporarily down.

Is someone going to fix this or should we just abort all the results and consider this project defunct.

You can download the interme. Certificate.

I found it on a server of the university of Münster (Germany)
https://www.uni-muenster.de/CA/de/cacerts.shtml

Debian:
1. go to /usr/share/ca-certificates
2. create a subfolder: ex. 3rd-party
3. download cert: wget https://www.uni-muenster.de/CA/harica-rsa-server-2025.crt
4. dpkg-reconfigure ca-certificates -> Choose Ask, set a mark on 3rd-party/harica-rsa-server-2025.crt and press OK

curl and boinc access are working again.

Edit: Orginal Cert: https://repo.harica.gr/rep_dyn.php

I'm a bit late to the party but can also confirm it works on Mint 22.1

Initially I tried removing and adding the project, which obviously failed. Managed to add it a few seconds after finishing the above steps. Thanks!

---