After some time I checked the error logs on TO and found repeating errors:
2018-10-23T10:00:01+02:00 2018-10-23T08:00:01+02:00 omnia user err server_uplink[]: Failed to download contract status
2018-10-23T10:01:05+02:00 2018-10-23T08:01:05+02:00 omnia user err server_uplink[]: Failed to get registration code
2018-10-23T10:02:09+02:00 2018-10-23T08:02:09+02:00 omnia user err turris-firewall-rules[]: (v63) Failed to download https://api.turris.cz/firewall/turris-ipsets.gz.sign
When I tried to download the file using wget I get an error message “Unable to locally verify the issuer’s authority.”
root@omnia:/mnt/ssd/omnia-var/logs/errors/2018/10# wget https://api.turris.cz/firewall/turris-ipsets.gz.sign
--2018-10-23 10:46:23-- https://api.turris.cz/firewall/turris-ipsets.gz.sign
Resolving api.turris.cz... 217.31.192.101, 2001:1488:ac15:ff80::101
Connecting to api.turris.cz|217.31.192.101|:443... connected.
ERROR: cannot verify api.turris.cz's certificate, issued by 'emailAddress=michal.vaner@nic.cz,CN=Turris Emergency CA,OU=Labs,O=CZ.NIC,L=Prague,ST=Czech republic,C=CZ':
Unable to locally verify the issuer's authority.
To connect to api.turris.cz insecurely, use `--no-check-certificate'.
It looks like the issuer certificate (issuer=/C=CZ/ST=Czech republic/L=Prague/O=CZ.NIC/OU=Labs/CN=Turris Emergency CA/emailAddress=michal.vaner@nic.cz) is not trusted on TO. I can add it but shouldn’t it be there coming as part of TurrisOS?
