Got this error with Rosetta and LHC 11:01am UTC 30th May 2020. On all my (Windows 10) machines, while requesting work.
"Peer certificate cannot be authenticated with given CA certificates"
But Universe and Einstein and Milkyway are ok.

Any ideas what screwed up? My computer? Both Rosetta and LHC at once? Boinc in general?

---

I'm seeing the same error message in the event log as of this morning and a number of tasks are stuck in 'uploading' status.
I suspect this is only affecting one of my machines which I switched to Rosetta@Home's new SSL URL, which makes sense.
Unfortunate timing for this to happen on a Saturday.

---

**38 cores crunching for R@H on behalf of cancercomputer.org - a non-profit supporting High Performance Computing in Cancer Research

I'm seeing the same error message in the event log as of this morning and a number of tasks are stuck in 'uploading' status.
I suspect this is only affecting one of my machines which I switched to Rosetta@Home's new SSL URL, which makes sense.
Unfortunate timing for this to happen on a Saturday.

It happened on all my computers at once (all on SSL URL), and also on LHC (but not Einstein, Milkyway, or Universe). Perhaps Rosetta only bought a one month contract with whoever gives these certificates out? But strange LHC ran out at the same time, in another country!

---

I have the same problem on all my computers, All are switched to SSL.

I have the same problem on all my computers, All are switched to SSL.

This is odd. Einstein and Milkyway don't use SSL, so I'll ignore those.

But Universe, Rosetta, and LHC all do. So how come Universe still works and LHC and Rosetta failed at once?

---

I'm having this issue too.
I have Windows 10 (boinc 7.16.5), macOS 10.15.5 (boinc 7.16.6), Manjaro Linux(boinc 7.16.6) machines,
and only Windows machines are getting this error.
macOS and Linux Machines are downloading/uploading normally.

I turned on additional event log options, Might be caused by the ca-bundle.crt file

15:57:36 | Rosetta@home | update requested by user
15:57:36 | | [network_status] status: don't need connection
15:57:36 | | [http] HTTP_OP::init_get(): https://boinc.bakerlab.org/rosetta/notices.php?userid=2121xxx&auth=2121xxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
15:57:36 | | [http] HTTP_OP::libcurl_exec(): ca-bundle set
15:57:36 | | [http] [ID#0] Info: Connection 27 seems to be dead!
15:57:36 | | [http] [ID#0] Info: Closing connection 27
15:57:37 | | [http] [ID#0] Info: Trying 128.95.160.157...
15:57:37 | | [http] [ID#0] Info: Connected to boinc.bakerlab.org (128.95.160.157) port 443 (#28)
15:57:37 | | [http] [ID#0] Info: ALPN, offering http/1.1
15:57:37 | | [http] [ID#0] Info: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
15:57:37 | | [http] [ID#0] Info: successfully set certificate verify locations:
15:57:37 | | [http] [ID#0] Info: CAfile: X:XXXXXXBOINCca-bundle.crt
15:57:37 | | [http] [ID#0] Info: CApath: none
15:57:37 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS header, Certificate Status (22):
15:57:37 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
15:57:37 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Server hello (2):
15:57:37 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
15:57:37 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS alert, Server hello (2):
15:57:37 | | [http] [ID#0] Info: SSL certificate problem: certificate has expired
15:57:37 | | [http] [ID#0] Info: Closing connection 28
15:57:37 | | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates
15:57:37 | | [network_status] status: online
15:57:38 | | [network_status] status: online
15:57:39 | Rosetta@home | Sending scheduler request: Requested by user.
15:57:39 | Rosetta@home | Reporting 1 completed tasks
15:57:39 | Rosetta@home | Requesting new tasks for CPU
15:57:39 | Rosetta@home | [http] HTTP_OP::init_post(): https://bwsrv1.bakerlab.org/rosetta_cgi/cgi
15:57:39 | Rosetta@home | [http] HTTP_OP::libcurl_exec(): ca-bundle set
15:57:40 | | [network_status] status: online
15:57:40 | Rosetta@home | [http] [ID#1] Info: Trying 128.95.160.156...
15:57:40 | Rosetta@home | [http] [ID#1] Info: Connected to bwsrv1.bakerlab.org (128.95.160.156) port 443 (#29)
15:57:40 | Rosetta@home | [http] [ID#1] Info: ALPN, offering http/1.1
15:57:40 | Rosetta@home | [http] [ID#1] Info: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
15:57:40 | Rosetta@home | [http] [ID#1] Info: successfully set certificate verify locations:
15:57:40 | Rosetta@home | [http] [ID#1] Info: CAfile: X:XXXXXXBOINCca-bundle.crt
15:57:40 | Rosetta@home | [http] [ID#1] Info: CApath: none
15:57:40 | Rosetta@home | [http] [ID#1] Info: TLSv1.2 (OUT), TLS header, Certificate Status (22):
15:57:40 | Rosetta@home | [http] [ID#1] Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
15:57:40 | Rosetta@home | [http] [ID#1] Info: TLSv1.2 (IN), TLS handshake, Server hello (2):
15:57:40 | Rosetta@home | [http] [ID#1] Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
15:57:40 | Rosetta@home | [http] [ID#1] Info: TLSv1.2 (OUT), TLS alert, Server hello (2):
15:57:40 | Rosetta@home | [http] [ID#1] Info: SSL certificate problem: certificate has expired
15:57:40 | Rosetta@home | [http] [ID#1] Info: Closing connection 29
15:57:40 | | [network_status] got HTTP error - checking ref site
15:57:40 | Rosetta@home | [http] HTTP error: Peer certificate cannot be authenticated with given CA certificates
15:57:41 | | [network_status] status: reference site lookup pending
15:57:41 | | [network_status] need_phys_conn 0; trying https://www.google.com/
15:57:41 | | Project communication failed: attempting access to reference site
15:57:41 | | [http] HTTP_OP::init_get(): https://www.google.com/
15:57:41 | | [http] HTTP_OP::libcurl_exec(): ca-bundle set
15:57:41 | Rosetta@home | Scheduler request failed: Peer certificate cannot be authenticated with given CA certificates
15:57:42 | | [network_status] status: reference site lookup pending
15:57:42 | | [http] [ID#0] Info: Trying 172.217.21.164...
15:57:42 | | [http] [ID#0] Info: Connected to www.google.com (172.217.21.164) port 443 (#30)
15:57:42 | | [http] [ID#0] Info: ALPN, offering http/1.1
15:57:42 | | [http] [ID#0] Info: Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
15:57:42 | | [http] [ID#0] Info: successfully set certificate verify locations:
15:57:42 | | [http] [ID#0] Info: CAfile: X:XXXXXXBOINCca-bundle.crt
15:57:42 | | [http] [ID#0] Info: CApath: none
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS header, Certificate Status (22):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Server hello (2):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS change cipher, Client hello (1):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS change cipher, Client hello (1):
15:57:42 | | [http] [ID#0] Info: TLSv1.2 (IN), TLS handshake, Finished (20):
15:57:42 | | [http] [ID#0] Info: SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
15:57:42 | | [http] [ID#0] Info: ALPN, server accepted to use http/1.1
15:57:42 | | [http] [ID#0] Info: Server certificate:
15:57:42 | | [http] [ID#0] Info: subject: C=US; ST=California; L=Mountain View; O=Google LLC; CN=www.google.com
15:57:42 | | [http] [ID#0] Info: start date: May 5 08:31:24 2020 GMT
15:57:42 | | [http] [ID#0] Info: expire date: Jul 28 08:31:24 2020 GMT
15:57:42 | | [http] [ID#0] Info: subjectAltName: www.google.com matched
15:57:42 | | [http] [ID#0] Info: issuer: C=US; O=Google Trust Services; CN=GTS CA 1O1
15:57:42 | | [http] [ID#0] Info: SSL certificate verify ok.

I analyzed the ca-bundle.crt file and found out that AddTrust External Root certificate expired today.
I removed the expired certificate part from the file and now everything works normal for me again.

Here is a guide to a quick fix:
Backup all your sensitive data first, This is only tested on 1 computer so far.
Exit BOINC
Open file manager and go to C:ProgramFilesBOINC or wherever you have installed BOINC.
Make a backup copy of ca-bundle.crt just in case my instuctions screw up something.
Right click on ca-bundle.crt and open it with Notepad
Scroll down to AddTrust External Root, Below this is the expired certificate.
Delete everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including the begin and end lines.
Save the file
Start BOINC and try again.

Please let me know if this works or not.

I got the new Add trust certificate from the main BOINC site.

it worked fine with updated certs, I didn't even restart

https://boinc.berkeley.edu/forum_thread.php?id=13758

Thanks Gylling, that's fixed my system too.

I got the new Add trust certificate from the main BOINC site.

it worked fine with updated certs, I didn't even restart

https://boinc.berkeley.edu/forum_thread.php?id=13758

Excellent, thanks, I just pasted that into mine without restarting Boinc and it works.

How are you going to get that new file to everyone else?

---

Here is a link for people that trust me

https://1drv.ms/u/s!AsVDg7OAm7-whqEqBXKHuOie0UoBKA?e=VHwBAP

Adding a new certificate should not be necessary, as the required COMODO entry should already be present in ca-bundle.crt. You should only need to remove the expired one, as Gylling wrote. You shouldn’t even need to restart BOINC.

Background information: Sectigo AddTrust External CA Root Expiring May 30, 2020

Here is a link for people that trust me

https://1drv.ms/u/s!AsVDg7OAm7-whqEqBXKHuOie0UoBKA?e=VHwBAP

This worked for me on both my desktop and laptop, but when I tried to go there on my Android phone the file wouldn't install - saying something like "no certificate to install"

How would I go about it on a phone please?

---

Here is a link for people that trust me

https://1drv.ms/u/s!AsVDg7OAm7-whqEqBXKHuOie0UoBKA?e=VHwBAP

This worked for me on both my desktop and laptop, but when I tried to go there on my Android phone the file wouldn't install - saying something like "no certificate to install"

How would I go about it on a phone please?

Should be possible, but someone with more technical knowledge than me needs to interpret this:
https://cheapsslsecurity.com/blog/install-ssl-certificate-on-android/

---

I analyzed the ca-bundle.crt file and found out that AddTrust External Root certificate expired today.
I removed the expired certificate part from the file and now everything works normal for me again.

Here is a guide to a quick fix:
Backup all your sensitive data first, This is only tested on 1 computer so far.
Exit BOINC
Open file manager and go to C:ProgramFilesBOINC or wherever you have installed BOINC.
Make a backup copy of ca-bundle.crt just in case my instuctions screw up something.
Right click on ca-bundle.crt and open it with Notepad
Scroll down to AddTrust External Root, Below this is the expired certificate.
Delete everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including the begin and end lines.
Save the file
Start BOINC and try again.

Please let me know if this works or not.

Worked like a charm. Thanks much!

On Linux, it is a bit more involved.
The general discussion is here: https://boinc.berkeley.edu/forum_thread.php?id=13758

The procedure that worked for me on Ubuntu 18.04.4:
(1) Download this file: https://crt.sh/?d=1720081
(2) Place "1720081.crt" in Home directory (e.g., move from desktop)
(3) sudo mv 1720081.crt /usr/local/share/ca-certificates
(4) sudo update-ca-certificates

It updates apparently OK, but it has not been tested with an actual upload yet.
Good luck.

Alternative: The procedure by Gylling also worked for me, insofar as I can see,
and might be simpler.
https://boinc.bakerlab.org/rosetta/forum_thread.php?id=14006#96882

---

Presumably this will rectify after midnight in each user's timezone? In Android 9 (Pie) the following DID NOT WORK:

1) Settings >> General >> Lock screen & security >> Advanced / Encryption & credentials >> Trusted credentials
2) Select AddTrust AB (AddTrust External CA Root)
3) Note that this cert expires 30 May 2020
4) Press DISABLE
5) Restart device
6) Restart BOINC

At least for me this does not rectify the uploads hanging. There is a RESET option when selecting the Rosetta@home project in the Android app, but I'm reluctant to select this as I could lose the work I'm attempting to upload. Setting the time/date to tomorrow (E.g. selecting timezone for Sydney) also did not resolve.

Thanks, that worked for me.
PC-User Win10 x64
BOINC Version 7.16.5

Here is a link for people that trust me

https://1drv.ms/u/s!AsVDg7OAm7-whqEqBXKHuOie0UoBKA?e=VHwBAP

This worked for me on both my desktop and laptop, but when I tried to go there on my Android phone the file wouldn't install - saying something like "no certificate to install"

How would I go about it on a phone please?

Should be possible, but someone with more technical knowledge than me needs to interpret this:
https://cheapsslsecurity.com/blog/install-ssl-certificate-on-android/

I tried to follow the instructions and it wouldn't install from device storage (no certificate to install again)
I tried to simply disable the AddTrust AB certificate and no good

Then I navigated to the Boinc forum page on my phone, clicked on the direct link to the new file and it offered to install, then said it was successfully installed.
But Rosetta still said no.
Just rebooted and no dice again
Ugh

---