Microsoft OneDrive 'certificate has expired' issue

Support
#1

Hello,
I have two different Macs that use the same Microsoft OneDrive folder as storage. They use the same one-token.json file and the things used to be fine for several months.
Since some days ago, one of my Macs is no more able to refresh the one-token.json file, where the other works as usual.

This is some output from the bad Mac:

Mac-di-Ale:~ gpz500$ duplicacy list
Storage set to one://duplicacy-storage
Post https://duplicacy.com/one_refresh: x509: certificate has expired or is not yet valid; retry after 604 milliseconds
[…]

… while the good one goes without any problems with the same (just copied) one-token.json file.

With the one-token.json file just refreshed by the good one even the bad one, for some time (circa one hour) is working. Then it doesn’t work any more as before.

Other info:
both are using Duplicacy 2.5.2; the bad one has macOS 10.11.6 (El Capitan) while the good one has 10.15.5 (Catalina)

Thank you for your support!

#2

That can be caused by a wrong clock on the bad Mac. When you copied over a newly refreshed one-token.json it didn’t need to refresh right away so that was why it was working for some time before the token was expired.

#3

The clock is okay… :frowning:
Is there some other things to check?

#4

Can you access https://duplicacy.com from that Mac in a browser?

#5

Yes, I can.
I will try to move away my .duplicacy folder and redo ‘duplicacy init’ from scratch. As far as I understand it should be without any damages, isn’t it?

Edit: even during the init I obtain the same error message:

Mac-di-Ale:~ gpz500$ duplicacy init -e gpz500-mbp one://duplicacy-storage
Enter the path of the OneDrive token file (downloadable from OneDrive for Duplicacy):Documents/one-token.json
Post https://duplicacy.com/one_refresh: x509: certificate has expired or is not yet valid; retry after 604 milliseconds
[…]
Failed to load the OneDrive storage at one://duplicacy-storage: failed to refresh the access token: Maximum number of retries reached
Mac-di-Ale:~ gpz500$

#6

Can you add the -log option to the init command:

duplicacy -log init -e gpz500-mbp one://duplicacy-storage

This will show the timestamp with each log message. I still think it is a clock issue.

#7

The clock seems okay:

Mac-di-Ale:~ gpz500$ duplicacy -log init -e gpz500-mbp one://duplicacy-storage
Enter the path of the OneDrive token file (downloadable from OneDrive for Duplicacy):Documents/one-token.json
2020-06-30 19:43:28.031 INFO ONEDRIVE_RETRY Post https://duplicacy.com/one_refresh: x509: certificate has expired or is not yet valid; retry after 604 milliseconds
[…]
2020-06-30 19:44:31.889 ERROR STORAGE_CREATE Failed to load the OneDrive storage at one://duplicacy-storage: failed to refresh the access token: Maximum number of retries reached
Mac-di-Ale:~ gpz500$

#8

Sorry it turned out to be my fault. The SSL certificate of duplicacy.com is valid but the root certificate of the issuer expired on May 30, 2020. This isn’t an issue if an updated root certificate is installed, but older systems like your Mac do not have this updated root certificate so they will complain about the expired certificate.

I’ve switched to google-managed SSL certificate and this should fix the issue for you.

#9

Thanks, this works! :+1: