You got basic TLS connectivity and thus the cause would not seem to be your end. But with the certificate being expired I would reckon that being a server side issue.
root@turris:~# gnutls-cli -V api.turris.cz:5679
Processed 512 CA certificate(s).
Resolving 'api.turris.cz:5679'...
Connecting to '217.31.192.101:5679'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- X.509 Certificate Information:
Version: 1
Serial Number (hex): 00d7b47998515c5ea6
Issuer: EMAIL=michal.vaner@nic.cz,OU=Labs,O=CZ.NIC,L=Prague,ST=Czech republic,C=CZ
Validity:
Not Before: Mon Jan 09 14:45:19 UTC 2017
Not After: Sun Oct 06 14:45:19 UTC 2019
Subject: EMAIL=michal.vaner@nic.cz,CN=api.turris.cz,OU=Labs,O=CZ.NIC,L=Prague,ST=Czech republic,C=CZ
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
Modulus (bits 4096):
00:c5:fd:3f:a7:6a:b7:99:31:e8:d1:41:73:91:d1:97
fb:ba:1e:ff:dd:5b:21:e8:dd:01:86:4d:6b:c4:d3:81
98:a4:7a:ab:55:f3:9d:cf:2a:9e:5c:a9:36:cc:70:66
.
.
e2:59:24:9c:f6:7d:eb:56:5e:6b:43:8b:21:a5:33:62
d4:96:43:8e:38:25:2b:46:72:10:a1:6a:aa:9b:be:db
75
Exponent (bits 24):
01:00:01
Signature Algorithm: RSA-SHA256
Signature:
37:f4:56:41:7c:71:b5:22:25:bf:f0:3b:e7:14:d0:8d
56:bc:b6:9a:6d:63:5d:27:92:0f:fd:8f:b2:95:2f:6d
e8:56:52:41:a3:d9:d1:04:71:69:17:93:dc:04:7e:81
.
.
.
a4:aa:16:01:11:e0:7e:ba:72:36:3b:ad:04:d3:e2:36
b2:e7:4b:bc:f4:f3:fc:76:6f:0b:8e:b7:9f:4b:a0:93
a0:8b:a9:a9:63:49:43:58:cc:72:db:9e:64:54:4c:11
Other Information:
Fingerprint:
sha1:4f5fd13c030a7993b40a546794964abb2782b176
sha256:ee8e2180f84c9c05c17e1d93e47052a4d409280758902c7c2839bf846af2645c
Public Key ID:
sha1:19db715c9368d3a243e6b8980eb1a168ddeb56e3
sha256:7bbbcdb2560e880deffdc11bb4ee0078269e171097b08bb98e0e23c4325ee477
Public Key PIN:
pin-sha256:e7vNslYOiA3v/cEbtO4AeCaeFxCXsIu5jg4jxDJe5Hc=
-----BEGIN CERTIFICATE-----
MIIFizCCA3MCCQDXtHmYUVxepjANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJD
WjEXMBUGA1UECAwOQ3plY2ggcmVwdWJsaWMxDzANBgNVBAcMBlByYWd1ZTEPMA0G
.
.
.
nLPMQ6zV5jkkOwrKG/R+lvASR8aPWT5xxgXX/QiAACGPzd1yr5zNMTc1YPL6F+Q3
Sdxki0Ll9tE/t1H7BqORFcGDbHeTFnnXBa6t+CVd+aSqFgER4H66cjY7rQTT4jay
50u89PP8dm8LjrefS6CToIupqWNJQ1jMctueZFRMEQ==
-----END CERTIFICATE-----
- Certificate[1] info:
- X.509 Certificate Information:
Version: 3
Serial Number (hex): 00987d5eef075ad9f6
Issuer: EMAIL=michal.vaner@nic.cz,OU=Labs,O=CZ.NIC,L=Prague,ST=Czech republic,C=CZ
Validity:
Not Before: Fri Dec 09 13:38:49 UTC 2016
Not After: Thu Sep 05 13:38:49 UTC 2019
Subject: EMAIL=michal.vaner@nic.cz,OU=Labs,O=CZ.NIC,L=Prague,ST=Czech republic,C=CZ
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
Modulus (bits 4096):
00:c9:10:88:90:c1:5d:1b:c5:7a:d2:09:21:82:8c:d4
12:8f:cc:19:75:16:8b:98:91:ff:36:79:ea:14:37:63
25:75:ab:d8:0c:8c:b1:75:aa:8f:9a:dd:11:b9:2e:fa
.
.
.
94:6a:1b:01:80:81:a1:10:04:c8:56:4e:2b:ff:c9:e9
30:48:cb:68:83:c3:17:4f:f9:77:a5:fb:fc:82:ae:dc
2e:e5:61:63:e7:72:2e:c7:93:3a:e8:95:01:1a:b3:1f
6b
Exponent (bits 24):
01:00:01
Extensions:
Subject Key Identifier (not critical):
a112ee13cb4c1615e79573b221218e06d47c4f0a
Authority Key Identifier (not critical):
a112ee13cb4c1615e79573b221218e06d47c4f0a
Basic Constraints (not critical):
Certificate Authority (CA): TRUE
Signature Algorithm: RSA-SHA256
Signature:
91:30:84:85:53:ad:b4:ea:97:70:11:a4:d7:67:5d:ca
7b:e7:f9:75:26:cf:b9:59:53:47:ad:16:7d:4a:2f:7f
f2:22:b8:7c:73:ba:41:21:6a:1c:62:be:7f:3c:14:78
.
.
.
fd:ae:a5:a9:f3:d7:29:a3:9f:59:55:7c:29:59:03:e8
66:a2:a4:1f:3b:8d:01:cb:bd:32:7e:63:55:a3:7c:e7
1c:fc:ef:5a:fd:d2:ee:60:c5:2f:22:05:27:b3:6b:f0
Other Information:
Fingerprint:
sha1:5b79f221d8e8a58324f895c0bd2c6b3af10c94ef
sha256:a6f917c39a0ca2b5abb552f6f3e80615181abf8e012c37131a56743459919e38
Public Key ID:
sha1:501b58b726a09b231abcd2b7cec705fbde2790b5
sha256:416fab47d3f4898c07b3d85388b624221a91324a8a6ffd0df38469aefc015430
Public Key PIN:
pin-sha256:QW+rR9P0iYwHs9hTiLYkIhqRMkqKb/0N84RprvwBVDA=
-----BEGIN CERTIFICATE-----
MIIFyTCCA7GgAwIBAgIJAJh9Xu8HWtn2MA0GCSqGSIb3DQEBCwUAMHsxCzAJBgNV
BAYTAkNaMRcwFQYDVQQIDA5DemVjaCByZXB1YmxpYzEPMA0GA1UEBwwGUHJhZ3Vl
.
.
.
EF/OBw+KroasxgyJ9YdePMICg2j3B2qc/xT9POYBCwiJrO520XeJXzuEAiI+/a6l
qfPXKaOfWVV8KVkD6GaipB87jQHLvTJ+Y1WjfOcc/O9a/dLuYMUvIgUns2vw
-----END CERTIFICATE-----
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
root@turris:~#
x
root@turris:~# ncat --ssl -v api.turris.cz 5679
Ncat: OpenSSL isn't compiled in. The --ssl option cannot be chosen. QUITTING.
root@turris:~#
I am just after reinstalling the system on an SSD mSATA from the backup image Schnapps… Such a collision caught my eye and I attributed problems to myself
AFAIK this issue affects only uCollect itself, i.e. optional data collection from the router.
Cloud backups should not be affected as it use different services which are not connected to uCollect. I have tried to make a cloud backup on my router at the moment and it was created without any problem.