Error: Cannot connect to host update.ixsystems.com

[DarkCorner]

I have a TrueNAS-SCALE-22.12.4.2.
I wanted to upgrade to the latest version, but I get this error.

Cannot connect to host update.ixsystems.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1123)')]: Automatic update check failed. Please check system network settings

I did a search online, but I can't find any solutions.
The time reported is correct.

 

[NugentS]

The usual issue here is if you have set the IP address manually, rather than via DHCP.
Have you also set DNS and Gateway manually as well?

 

[danb35]

The time reported is correct.

...and the date? The error your system is reporting states that the cert is "not yet valid," and the cert is valid 1/24/24 - 4/23/24. That error indicates that your server thinks the date is before 1/24/24.

 

[NugentS]

@danb35 has a much better idea than mine

 

[DarkCorner]

The IP address is taken from DHCP, but even if I set it manually the error remains.
I can't tell if the battery on the MoBo is low, but the Time is set with a Time Zone (NTP Server 0.debian.pool.ntp.org, 1.debian.pool.ntp.org, 2.debian.pool.ntp.org) and the date and time are correct.

 

[danb35]

From the shell, what's the output of date? And then the output of openssl s_client -connect update.ixsystems.com:443?

 

[DarkCorner]

Damn! Tue Oct 17 13:50:03 CEST 2023
But why? What's the point of having the Time Server then?

$ openssl s_client -connect update.ixsystems.com:443 CONNECTED(00000003) depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 verify return:1 depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1P5 verify return:1 depth=0 CN = update.ixsystems.com verify error:num=9:certificate is not yet valid notBefore=Jan 24 16:42:10 2024 GMT verify return:1 depth=0 CN = update.ixsystems.com notBefore=Jan 24 16:42:10 2024 GMT verify return:1 --- Certificate chain 0 s:CN = update.ixsystems.com i:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5 1 s:C = US, O = Google Trust Services LLC, CN = GTS CA 1P5 i:C = US, O = Google Trust Services LLC, CN = GTS Root R1 2 s:C = US, O = Google Trust Services LLC, CN = GTS Root R1 i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA --- Server certificate -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- subject=CN = update.ixsystems.com issuer=C = US, O = Google Trust Services LLC, CN = GTS CA 1P5 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: ECDSA Server Temp Key: X25519, 253 bits --- SSL handshake has read 4361 bytes and written 386 bytes Verification error: certificate is not yet valid --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 9 (certificate is not yet valid) --- read:errno=0

 

[Patrick M. Hausen]

Damn! Tue Oct 17 13:50:03 CEST 2023
But why? What's the point of having the Time Server then?

Is the time server reachable? Does it answer? Try ntpdate -q <time server> to verify. Also ntpd refuses to start if the gap between the local and the real time is too large. There's a flag to override that but I do not know if SCALE uses it.

 

[DarkCorner]

ntpdate is not available, but with the command sudo apt-get install ntpdate I get the error that apt-get is also not available.

However the time server must work since both date and time are correct; also ping on timeserver 0.debian.pool.ntp.org works.

 

[DarkCorner]

I solved it by changing the date and time in the BIOS.
Now it's doing the update.
I will open the NAS later to change the battery.

For now, I thank everyone for their help.