Peer certificate cannot be authenticated with given CA certificates

Mr P Hucker
Joined: 12 Aug 06
Posts: 1600
Credit: 9,693,069
RAC: 7,411
Message 96982 - Posted: 31 May 2020, 11:50:34 UTC - in response to Message 96955.  

run command prompt as administrator

Easier said than done: you have to go Windows key+R then Ctrl+Shift+Enter together

cd "/Program Files/BOINC" (using backslashes, which I can't seem to make display OK)
copy ca-bundle.crt ca-bundle.crt.bak

This didn't work as I get access denied.

WTF - why isn't the Rosetta admin fixing this snafu?


I think this is an issue with BOINC, not Rosetta. LHC@home is also affected, as well as NumberFields@Home.
My Mac is doing fine so far, which is rather interesting.


Macs are probably more sensible like Linux, using a central store of these keys in the OS, rather than just in the Boinc folder. Apple update those presumably, for every program you run not just Boinc. Windows SSL keys are a mess, some in the registry, some in the system folder, some in program folders....
ID: 96982 · Rating: 0
Mr P Hucker
Joined: 12 Aug 06
Posts: 1600
Credit: 9,693,069
RAC: 7,411
Message 96983 - Posted: 31 May 2020, 11:53:05 UTC - in response to Message 96969.  

Alongside the issues here, which most of us here are solving on PCs though not on Android, the project front page <had been> showing maybe 780k completed tasks in the last 24hrs
About 21hrs later now it's only showing about 340k completed in the last 24hrs and will continue to drop for a few hours more. Maybe to 300k or even less.

This certificate having already expired, I'm not sure what anyone at Rosetta can do to push a solution to people who don't view the forums at all, let alone this topic, let alone if they've got the ability to implement a solution.

The most obvious route may be to put a Notice out through the Boinc Manager itself, though someone will have to prepare an idiot-proof set of instructions to do so.

The only other thing I can think of is for people here who are in teams to contact their other Rosetta team members and advise them how to solve the immediate problem.

Anyone else with any ideas before Admin and Mod.Sense get back to us with some clever solution of their own?


Does Boinc auto-update? If so, Boinc could release a new version with an updated security file. If it doesn't autoupdate, then Rosetta (and LHC and Numberfields) should email every user and tell them to update Boinc.
ID: 96983 · Rating: 0
Tomcat雄猫
Joined: 20 Dec 14
Posts: 180
Credit: 5,364,639
RAC: 0
Message 96984 - Posted: 31 May 2020, 11:53:46 UTC - in response to Message 96981.  

Presumably this will rectify after midnight in each user's timezone? In Android 9 (Pie) the following DID NOT WORK:

1) Settings >> General >> Lock screen & security >> Advanced / Encryption & credentials >> Trusted credentials
2) Select AddTrust AB (AddTrust External CA Root)
3) Note that this cert expires 30 May 2020
4) Press DISABLE
5) Restart device
6) Restart BOINC

At least for me this does not rectify the uploads hanging. There is a RESET option when selecting the Rosetta@home project in the Android app, but I'm reluctant to select this as I could lose the work I'm attempting to upload. Setting the time/date to tomorrow (E.g. selecting timezone for Sydney) also did not resolve.


I'm on Android 8.0 and it didn't work for me. In the end, I was forced to abort all tasks and let some others timeout. This is not good. Fortunately, I have a really small cache.
I even tried disabling all the AddTrust AB certificates. No dice. I can't even re-add Rosetta after removing it (that probably means RESET won't work). I think one needs to remove those expired credentials outright to fix this (I don't think you can remove single credentials from Android).

Welp, I guess that's two Android devices down for me. One because of issues with BOINC and Android 9.0, plus the fact that I don't charge that device enough to meet the deadlines. One because of this certificate expiring.

I hope this gets resolved before we get a massive wave of tasks timing out.


It only affects some projects, my Androids are doing other project work instead. I only know of LHC, Rosetta, and Numberfields needing the certificate.


I'm running WCG on my two phones now. I am concerned about the impact on this project though.
ID: 96984 · Rating: 0
Erich56
Joined: 11 Jan 16
Posts: 35
Credit: 1,437,503
RAC: 0
Message 96986 - Posted: 31 May 2020, 12:06:59 UTC - in response to Message 96984.  

I am concerned about the impact on this project though.
So am I. If there won't be a fast and easy solution available to everyone, many valuable crunchers may abandon the project.
ID: 96986 · Rating: 0
Warren Brandon
Joined: 16 Mar 20
Posts: 1
Credit: 49,937
RAC: 0
Message 96993 - Posted: 31 May 2020, 13:07:18 UTC - in response to Message 96882.  

I analyzed the ca-bundle.crt file and found out that AddTrust External Root certificate expired today.
I removed the expired certificate part from the file and now everything works normal for me again.

Here is a guide to a quick fix:
Back up all your sensitive data first. This is only tested on 1 computer so far.
Exit BOINC
Open file manager and go to C:\Program Files\BOINC or wherever you have installed BOINC.
Make a backup copy of ca-bundle.crt just in case my instructions screw up something.
Right click on ca-bundle.crt and open it with Notepad
Scroll down to AddTrust External Root. Below this is the expired certificate.
Delete everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including the begin and end lines.
Save the file
Start BOINC and try again.

Please let me know if this works or not.


This worked for me perfectly, I had to open the file in Notepad++ as admin but afterwards I could connect to the project again.
Thank you so much
ID: 96993 · Rating: 0
Siran d'Vel'nahr
Joined: 15 Nov 06
Posts: 72
Credit: 2,674,678
RAC: 0
Message 96994 - Posted: 31 May 2020, 13:07:39 UTC

Greetings,

I am running Linux Mint v19.3 which is based on Ubuntu. I have done the following procedure:
The procedure that worked for me on Ubuntu 18.04.4:
(1) Download this file: https://crt.sh/?d=1720081
(2) Place "1720081.crt" in Home directory (e.g., move from desktop)
(3) sudo mv 1720081.crt /usr/local/share/ca-certificates
(4) sudo update-ca-certificates

I restarted BOINC and am still getting stuck uploads and reports. Is there something else that needs to be done? I have only been using Linux continually for about 8 months, so I'm sorta a noob. ;)

Have a great day! :)

Siran
CAPT Siran d'Vel'nahr XO
USS Vre'kasht NCC-33187

"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath
ID: 96994 · Rating: 0
Sid Celery
Joined: 11 Feb 08
Posts: 1981
Credit: 38,424,259
RAC: 13,236
Message 96996 - Posted: 31 May 2020, 13:21:24 UTC - in response to Message 96979.  

Sid Celery wrote:
I'm not sure what anyone at Rosetta can do

They might be able to change the servers’ SSL certificates to ones signed by CAs that aren’t affected by this client problem.

put a Notice out through the Boinc Manager

There might be a chicken-and-egg problem there: if the notices are fetched via HTTPS, and HTTPS isn’t working…

Not being knowledgeable enough myself, I can only hope those "might be's" turn into "can do's"
ID: 96996 · Rating: 0
Sid Celery
Joined: 11 Feb 08
Posts: 1981
Credit: 38,424,259
RAC: 13,236
Message 96997 - Posted: 31 May 2020, 13:25:55 UTC - in response to Message 96983.  

Does Boinc auto-update? If so, Boinc could release a new version with an updated security file.
If it doesn't autoupdate, then Rosetta (and LHC and Numberfields) should email every user and tell them to update Boinc.

It doesn't auto-update, no.
Though it could auto-update Android Boinc if people's Google Play Store settings allow it
ID: 96997 · Rating: 0
Sid Celery
Joined: 11 Feb 08
Posts: 1981
Credit: 38,424,259
RAC: 13,236
Message 96999 - Posted: 31 May 2020, 13:34:45 UTC - in response to Message 96984.  

Welp, I guess that's two Android devices down for me. One because of issues with BOINC and Android 9.0, plus the fact that I don't charge that device enough to meet the deadlines. One because of this certificate expiring.

I hope this gets resolved before we get a massive wave of tasks timing out.

It only affects some projects, my Androids are doing other project work instead. I only know of LHC, Rosetta, and Numberfields needing the certificate.

I'm running WCG on my two phones now. I am concerned about the impact on this project though.

From the sound of things, I'm inclined to advise people to suspend all Android Rosetta tasks, abort those that haven't started, and switch to run or join WCG's Open Pandemics CV19 tasks.
I can't be sure this issue will be fixed before deadlines and that time is better spent running something productive.
If Admins aren't around until Monday it'll have been 2 days before they can begin to look for a solution and Android deadlines will likely be missed
ID: 96999 · Rating: 0
CasualPhotos
Joined: 26 Jun 16
Posts: 1
Credit: 884,518
RAC: 1,075
Message 97010 - Posted: 31 May 2020, 14:26:37 UTC - in response to Message 96941.  
Last modified: 31 May 2020, 14:27:45 UTC

...Such things should be fixed by BOINC programmers centrally, rather than manually editing certificate file by each user.

I could not agree more. First, this never should have happened. Second, the solution has to be 'pushed' to each client versus having every user manually edit a configuration file on each machine doing work.

While it's well within my capabilities to make the changes it's a matter of professional 'outrage' (I'm a former S/W developer who understands how things should be done) I'm going to leave things as they are until the powers that be correct the problem properly. In the meantime the WCG OpenPandemics project is getting a lot more processing time on my systems.
ID: 97010 · Rating: 0
Cartoonman
Joined: 9 Oct 08
Posts: 13
Credit: 7,260,881
RAC: 0
Message 97011 - Posted: 31 May 2020, 14:39:09 UTC
Last modified: 31 May 2020, 14:40:12 UTC

Update for everyone reading this thread (esp. Android users):

A GitHub issue has been made and BOINC maintainers have been alerted. Please see https://github.com/BOINC/boinc/issues/3789 for details.

Currently there are workarounds available for Windows and Linux (and possibly Mac as well). Android currently does not appear to have a viable workaround, and an APK update is being pressured.
ID: 97011 · Rating: 0
Richard Haselgrove
Joined: 4 Oct 18
Posts: 4
Credit: 301,393
RAC: 0
Message 97015 - Posted: 31 May 2020, 14:53:38 UTC - in response to Message 97011.  

In addition to making that GitHub issue, I also sent a direct email to the key personnel. But it is the weekend, and there are practical issues regarding gaining access to offices around the world at the moment.
ID: 97015 · Rating: 0
Vincent Dark
Joined: 29 Sep 12
Posts: 1
Credit: 9,216,165
RAC: 0
Message 97017 - Posted: 31 May 2020, 15:15:16 UTC
Last modified: 31 May 2020, 15:20:12 UTC

I've tried all the methods above, but nothing is working on my Ubuntu 14.04 rigs, so sad.
ID: 97017 · Rating: 0
JohnDK
Joined: 6 Apr 20
Posts: 33
Credit: 2,390,240
RAC: 432
Message 97024 - Posted: 31 May 2020, 15:50:38 UTC - in response to Message 96994.  
Last modified: 31 May 2020, 15:51:07 UTC

Greetings,

I am running Linux Mint v19.3 which is based on Ubuntu. I have done the following procedure:
The procedure that worked for me on Ubuntu 18.04.4:
(1) Download this file: https://crt.sh/?d=1720081
(2) Place "1720081.crt" in Home directory (e.g., move from desktop)
(3) sudo mv 1720081.crt /usr/local/share/ca-certificates
(4) sudo update-ca-certificates

I restarted BOINC and am still getting stuck uploads and reports. Is there something else that needs to be done? I have only been using Linux continually for about 8 months, so I'm sorta a noob. ;)

Have a great day! :)

Siran

Are you 100% sure 1720081.crt was moved to /usr/local/share/ca-certificates before doing sudo update-ca-certificates?

btw it wasn't necessary to restart BOINC for me, it just worked.
ID: 97024 · Rating: 0
Siran d'Vel'nahr
Joined: 15 Nov 06
Posts: 72
Credit: 2,674,678
RAC: 0
Message 97025 - Posted: 31 May 2020, 16:07:32 UTC - in response to Message 97024.  

-[ snip ]-

Have a great day! :)

Siran

Are you 100% sure 1720081.crt was moved to /usr/local/share/ca-certificates before doing sudo update-ca-certificates?

btw it wasn't necessary to restart BOINC for me, it just worked.

Hi John,

Yes, I double checked to make sure the file was moved.

I'll be logging into Winders 10 in a bit, so I'll see what happens when I log back into Linux.

I just tried a manual upload restart and got a 23 minute back off from the server. :(

Have a great day! :)

Siran
CAPT Siran d'Vel'nahr XO
USS Vre'kasht NCC-33187

"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath
ID: 97025 · Rating: 0
Jim Brossard
Joined: 11 Dec 05
Posts: 5
Credit: 2,100,000
RAC: 1,682
Message 97027 - Posted: 31 May 2020, 16:11:39 UTC - in response to Message 97010.  

...Such things should be fixed by BOINC programmers centrally, rather than manually editing certificate file by each user.

I could not agree more. First, this never should have happened. Second, the solution has to be 'pushed' to each client versus having every user manually edit a configuration file on each machine doing work.

While it's well within my capabilities to make the changes it's a matter of professional 'outrage' (I'm a former S/W developer who understands how things should be done) I'm going to leave things as they are until the powers that be correct the problem properly. In the meantime the WCG OpenPandemics project is getting a lot more processing time on my systems.


I have checked the master file at https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt and it also contains the expired cert. It looks like the BOINC team used the latest ca-bundle.crt file available. Blame the maintainers of the ca-bundle.crt file.
ID: 97027 · Rating: 0
yoerik
Joined: 24 Mar 20
Posts: 128
Credit: 169,525
RAC: 0
Message 97029 - Posted: 31 May 2020, 16:28:32 UTC - in response to Message 96931.  

I analyzed the ca-bundle.crt file and found out that AddTrust External Root certificate expired today.
I removed the expired certificate part from the file and now everything works normal for me again.

Here is a guide to a quick fix:
Back up all your sensitive data first. This is only tested on 1 computer so far.
Exit BOINC
Open file manager and go to C:\Program Files\BOINC or wherever you have installed BOINC.
Make a backup copy of ca-bundle.crt just in case my instructions screw up something.
Right click on ca-bundle.crt and open it with Notepad
Scroll down to AddTrust External Root. Below this is the expired certificate.
Delete everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- including the begin and end lines.
Save the file
Start BOINC and try again.

Please let me know if this works or not.


This worked fine for me, R@H is uploading and downloading again. THANK YOU Gylling!

I did the following (Windows 10):
run command prompt as administrator
cd "/Program Files/BOINC" (using backslashes, which I can't seem to make display OK)
copy ca-bundle.crt ca-bundle.crt.bak
notepad ca-bundle.crt
Ctrl+F External
Delete the following:
AddTrust External Root
======================
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

Save and exit Notepad
Close command prompt
Go to BOINC Manager
Suspend Rosetta@Home project
Close BOINC Manager
Reopen BOINC Manager
Resume Rosetta@Home project
Select Tools, Retry Pending Transfers from menu (advanced view active - you may need to select View, Advanced View first)


Instead of using command prompt (which I found wasn't working for me, probably did something wrong but *shrug*)
I instead used Properties - Security - and gave users full control over that file. Used notepad to edit and could save no issue.
ID: 97029 · Rating: 0
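
The hand edit described in the post above (finding the expired AddTrust External Root block in ca-bundle.crt and deleting it) can also be done by reading each certificate's notAfter date instead of searching by name. This is an added example, not part of the thread and not BOINC code; the names `tlv_read`, `not_after`, `strip_expired`, `sample_cert` and `SAMPLE_BUNDLE` are chosen here, and the two sample certificates are constructed DER skeletons, not real certificates.

```python
import base64, re
from datetime import datetime, timezone

# Optional "Name\n====" label (as used in ca-bundle.crt) followed by one PEM block.
PEM_RE = re.compile(r"(?:^[^\n]+\n=+\n)?-----BEGIN CERTIFICATE-----\n(.*?)\n"
                    r"-----END CERTIFICATE-----\n?", re.S | re.M)

def tlv_read(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(cert):
    """Return notAfter (UTC) from a DER-encoded X.509 certificate."""
    _, pos, _ = tlv_read(cert, 0)          # Certificate
    _, pos, _ = tlv_read(cert, pos)        # tbsCertificate
    tag, _, end = tlv_read(cert, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _field in range(3):                # skip serialNumber, signature, issuer
        _, _, pos = tlv_read(cert, pos)
    _, pos, _ = tlv_read(cert, pos)        # validity
    _, _, pos = tlv_read(cert, pos)        # skip notBefore
    tag, start, end = tlv_read(cert, pos)  # notAfter: UTCTime (0x17) or GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    when = datetime.strptime(cert[start:end].decode("ascii"), fmt)
    if tag == 0x17 and when.year >= 2050:  # RFC 5280: two-digit years 50-99 mean 19xx
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=timezone.utc)

def strip_expired(bundle, now):
    """Return (bundle text without expired blocks, [(label, notAfter), ...] removed)."""
    removed = []
    def keep(match):
        expiry = not_after(base64.b64decode(match.group(1)))
        if expiry >= now:
            return match.group(0)
        removed.append((match.group(0).splitlines()[0], expiry))
        return ""
    return PEM_RE.sub(keep, bundle), removed

# Constructed sample input: DER skeletons in X.509 field order, not valid certificates.
def tlv_encode(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form lengths are enough for the sample

def sample_cert(name, not_after_utc):
    validity = tlv_encode(0x30, tlv_encode(0x17, b"000530104838Z") + tlv_encode(0x17, not_after_utc))
    tbs = tlv_encode(0x30, tlv_encode(0xA0, tlv_encode(0x02, b"\x02")) + tlv_encode(0x02, b"\x01")
                     + tlv_encode(0x30) + tlv_encode(0x30) + validity + tlv_encode(0x30) + tlv_encode(0x30))
    pem = base64.encodebytes(tlv_encode(0x30, tbs + tlv_encode(0x30) + tlv_encode(0x03, b"\x00"))).decode()
    return (f"{name}\n{'=' * len(name)}\n-----BEGIN CERTIFICATE-----\n"
            f"{pem}-----END CERTIFICATE-----\n\n")

SAMPLE_BUNDLE = ("## constructed stand-in for ca-bundle.crt\n\n"
                 + sample_cert("AddTrust External Root", b"200530104838Z")
                 + sample_cert("Example Valid Root", b"380101000000Z"))
```

On a real installation, read ca-bundle.crt as text, pass `datetime.now(timezone.utc)` as `now`, and write the result back only after making the backup copy the posts describe.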
keik
Joined: 8 May 20
Posts: 5
Credit: 43,612
RAC: 0
Message 97031 - Posted: 31 May 2020, 16:44:02 UTC

I have followed threads and GitHub and BOINC still refused to connect, so I tried a few things, and these are my results:

1) download ca-bundle.crt linked by Tony https://boinc.berkeley.edu/forum_thread.php?id=13758&postid=98903#98903
2) copy 1720081.crt certificate from GitHub https://github.com/BOINC/boinc/issues/3789
3) in Tony's crt file search for "COMO" and paste 1720081's certificate string under each already present Comodo related certificate, then save the file
4) turn off BOINC and don't let it autostart (check BOINC settings and Task Manager "Start up" tab)
5) reset PC
6) before logging into Windows, reset it again and confirm if there's a prompt
7) log in and manually run BOINC
8) let it update and carry on folding
ID: 97031 · Rating: 0
Jim Martin
Joined: 9 Oct 05
Posts: 23
Credit: 1,229,238
RAC: 1,461
Message 97038 - Posted: 31 May 2020, 17:29:29 UTC

Erich, et al. May I suggest that someone with more authority than I have, notify BOINC software engineering, to up-rev BOINC, with our problem. It's certainly impacted some important wu's. Perhaps, this has already been brought to BOINC's attention. If so, I await uploading ops. to commence, with the next BOINC rev.
ID: 97038 · Rating: 0
hnapel
Joined: 8 Apr 20
Posts: 8
Credit: 835,346
RAC: 0
Message 97044 - Posted: 31 May 2020, 18:22:48 UTC - in response to Message 97029.  



Instead of using command prompt (which I found wasn't working for me, probably did something wrong but *shrug*)
I instead used Properties - Security - and gave users full control over that file. Used notepad to edit and could save no issue.


You can also open Notepad as administrator and it will work to save the file after the edit.
ID: 97044 · Rating: 0