Can't upgrade Nextcloud 17.0.2 or updates apps

zerone · January 30, 2020, 10:41am

Nextcloud version 17.0.1
Show A new version is available: Nextcloud 17.0.3
Operating system and version (Debian 9):

Is this the first time you’ve seen this error? (Y/N): Not Sure

Steps to replicate it:

```
sudo -u www-data php updater.phar
```

` Nextcloud Updater - version: v16.0.3-3-ga0c2b25 dirty

Current version is 17.0.1.                                                             
  [Exception]                                                                          
  Could not do request to updater server: error setting certificate verify locations:  
    CAfile: /etc/ssl/certs/ca-certificates.crt                                         
    CApath: /etc/ssl/certs                                                             
                                                                                       

update

`
2. sudo -u www-data php occ update:check
Nextcloud 17.0.3 is available. Get more information on how to update at https://docs.nextcloud.com/server/17/admin_manual/maintenance/upgrade.html.
1 update available

sudo -u www-data php occ upgrade
Nextcloud is already latest version
sudo -u www-data php occ app:update --all
No thing show
The output of your Nextcloud log in Admin > Logging:

No logs about

config.php

<?php
$CONFIG = array (
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'test.loc',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'trashbin_retention_obligation' => 'disabled',
  'versions_retention_obligation' => 'disabled',
  'skeletondirectory' => '/var/www/nextcloud/data/admin/files/dflt',
  'dbtype' => 'mysql',
  'version' => '17.0.1.1',
  'overwrite.cli.url' => 'http://localhost',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => '',
  'installed' => true,
  'instanceid' => '',
  'ldapIgnoreNamingRules' => false,
  'ldapProviderFactory' => 'OCA\\User_LDAP\\LDAPProviderFactory',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'updater.release.channel' => 'stable',
  'log_type' => 'file',
  'logfile' => 'nextcloud.log',
  'logdateformat' => 'F d, Y H:i:s',
  'twofactor_enforced' => 'false',
  'twofactor_enforced_groups' => 
  array (
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
  ),
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'no-cl',
  'mail_domain' => 'test.loc',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpport' => '465',
  'mail_smtphost' => 'test.loc',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'no-cl',
  'mail_smtppassword' => '',
  'mail_smtpstreamoptions' => 
  array (
    'ssl' => 
    array (
      'allow_self_signed' => true,
      'verify_peer' => false,
      'verify_peer_name' => false,
    ),
  ),
  'updater.secret' => '$2y$10$7L....',
);

when open updater just show
Initializing Current version is 17.0.1.
and after checking version on GUI on overview of nextcloud show
A new version is available: **Nextcloud 17.0.3**
Could not connect to the appstore or the appstore returned no updates at all. Search manually for updates or make sure your server has access to the internet and can connect to the appstore.
I Try to remove it but no luck
/var/ data-directory / files_external/rootcerts.crt
Best Regards

chrki · January 30, 2020, 11:22am

I am in a similar position, I’m running 17.0.2 and got the notification for 17.0.3, admin interface won’t let me update: “Nextcloud 17.0.2 - Your version is up to date.”

edit:

Well it works now. I had pending warnings about database tables (this one), I ran the occ command and 17.0.3 is offered as an upgrade now. Not sure if that’s related to the problem though.

JimmyKater · January 30, 2020, 11:51am

i see that your updater doesn’t find any certs under

/etc/ssl/certs/

at least not in

ca-certificates.crt

and then i see a

and think: well that might be connected somehow.

so i think there are 2 ways trying to solve that now.

put your self-signed certificates into that dir mentioned above under the name mentioned above (or tell your system where else to find your certificates)
try valid ssl-certificates

happy hacking

zerone · January 30, 2020, 2:16pm

Thanks,for reply
I activated self signed cert for smtp for email.
i put the ca certificate on
/etc/ssl/certs and /usr/share/ca-certificates too
then using:
update-ca-certificates
and even changed (new cert) to ca-certificates.crt
but still get error.
I thinks it’s valid it because the (smtp) email works now
even imported the cert by
sudo -u www-data php occ security:certificates:import etc.crt
Best Regards

zerone · January 30, 2020, 3:03pm

unfortunately upgraded for me.

zerone · January 30, 2020, 6:34pm

I try with
'appstore.experimental.enabled' => true,
'appstoreurl' => 'https://apps.nextcloud.com/api/v1',
and with
‘apps_paths’ => array(`
array(
‘path’=> ‘/var/www/nextcloud/apps’,
‘url’ => ‘https://apps.nextcloud.com/api/v1/platform/17.0.1/apps.json’,
‘writable’ => true,
),
but get on both

Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the webserver log.
when curl data from api json file haven’t problem to get data
and after using
'appstoreenabled' => true,
the list of apps categories don’t show any more.
Best Regards

zerone · February 2, 2020, 5:17pm

still get

Current version is 17.0.1.                                                             
  [Exception]                                                                          
  Could not do request to updater server: error setting certificate verify locations:  
    CAfile: /etc/ssl/certs/ca-certificates.crt                                         
    CApath: /etc/ssl/certs                                                             
                                                                                       

update

when try
# openssl s_client -connect updates.nextcloud.com:443 -CApath /etc/ssl/certs/ca-certificates.crt
get

CONNECTED(00000003)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/CN=docs.nextcloud.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGcDCCBVigAwIBAgISA5OPnnpcLDsFLuN0VDucQKEZMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMDkwMzAwMzFaFw0y
MDAzMDgwMzAwMzFaMB0xGzAZBgNVBAMTEmRvY3MubmV4dGNsb3VkLmNvbTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALHwDwFFXiMJwvx4nnZJNH4jh5th
Fl/Yk/PqrLnRp2BB97Nm+GFNlHm9pKbttLjzX99j+Jbhz02r07Hm3jTgx4BpBuV+
3SL2o5PF5tjVJUEq0qvlkzWijms7Iv6xPrmq/Puzx7Bk0J4neAF09k8l1tvCSh03
Ulkq/WMefmBigKgpmDIJi7OXUHghTRBcEQ1ykivKL6/dEKdb0xNAZlgdeUp2Ztnk
U0xSwrLjZy1Plm4m+iWPcoQLWMZwlpJUwibdqqShg2LjeUykwk8n7I7XndfFnAF+
HIDlEbznKaoviVDa+WjFAzQThAVMSgH6A5YZG/t4hpdc8FJxA70qI5stNzaEOKGQ
hRltxfstSSHZfUgUSFimIepqnyvQmAVEa5ImVJNji3tIwS1aEbvcR3OAtt5oiP0c
YrZ0vW0FkXGAAScmsf849cs4cdqGjEMREyajJ3N8iQFaax+NQI30P7Mwl89HiuiA
TM6P1tH0GOYOuePt3jCzNPdDCa51aU6B9ehKRmVymGovmzqGffLdq8FrXD4bWBFM
L/NG7Km1LirvNbZM8Yd83TfY7PZWljX6jcRErDzNuTtMc74Iho3uaBz+gyMhhiNV
ztEO7XIXgbSFl9a5SFO2eRicKaR+8mE9fFnn/EbTu5ioIz5Co/9XQ/Nr+FSS+HkU
ZlKqJ4KndWynR/s3AgMBAAGjggJ7MIICdzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FChNF3ovZRuCkFMiv7MPAxusW1ESMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF
Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au
aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHQYDVR0RBBYwFIISZG9jcy5uZXh0Y2xv
dWQuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTBMBgNVHSAERTBDMAgGBmeBDAECATA3
BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy
eXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2APCVpFnyANGCQBAtL5OI
jq1L/h1H45nh0DSmsKiqjrJzAAABbujQ2UQAAAQDAEcwRQIgMI6HYdvkMDfjhpJb
EY3JV6C1zDhYFP8/zPNz6jCghQICIQC15W08AJ97YHZjmAu38hqe3hH7rjq/MgXO
z4tN0iTAzgB3ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABbujQ
2WkAAAQDAEgwRgIhAN6PUA28oL6md517yxd3i1QMidPqffzWOB7R1TMq3XauAiEA
5kqeB3zdalMOAY9QjzH7nmHpCPNV1JGcq9l1+IzQY+QwDQYJKoZIhvcNAQELBQAD
ggEBABAMXz9nZWSQigREbrIlrDPYkussjHd6VDBqfxi0RZMEIBGOY+9SPqUOeLTG
xgbURwi2RV3NnJ/yws0tEBzEAyAjgIVFN3ZmJz8hFTbtEtF/teVt1hoEZ8SF1Bkr
imP3zX9T8NMayEwD/1kntQAdcODPqMNBpb7BzygiVxGKPvyERGLcoNbQlHhok6Vw
fbgnLfO1phxv2uUvGVfeWBbNz+2Y7GDOCnzC8kbyTobF6RGW6iqqYZRzaw5N/wBO
pCwM1Drv4NIzh68FRUeN7kJNWv4D0FobpewHP5bGUZj6g6ZMddaA3dGxPSh2dxX6
UBu7YpQVhPc91ngBebmjimRD6Fw=
-----END CERTIFICATE-----
subject=/CN=docs.nextcloud.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3742 bytes and written 269 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 701AE954B188DF79FBA00562D7F22108F18CA092206E0AC0567C463B0A63F0BA
    Session-ID-ctx: 
    Master-Key: 3A6E5FA00CCF35ACC768EEAE4CFFEB78A22F3390A940074ED3743E60502926A9EBB0D6DCF1E081E3E6ABDCC9BC62F311
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - db 7a af 6e e1 6b 59 d6-ee 53 bd eb 61 1c 3a 20   .z.n.kY..S..a.: 
    0010 - c0 d6 9b 19 2d de 3f fa-43 a3 9b 1a d1 55 ed 35   ....-.?.C....U.5
    0020 - 19 5a 16 1b 6e b3 a7 f7-dd 38 75 18 42 f3 25 a6   .Z..n....8u.B.%.
    0030 - f2 cf e2 11 bd 17 4f ae-f7 3e 88 18 0e 26 d1 23   ......O..>...&.#
    0040 - f8 70 0e 94 7e 45 40 0d-d3 a5 81 47 af ea 15 20   .p..~E@....G... 
    0050 - 67 3e 47 fa f4 78 29 f5-c4 2d a0 9c e0 04 b3 7e   g>G..x)..-.....~
    0060 - 5a 28 a8 79 17 ab 40 c8-15 6e 37 a2 2a b3 25 00   Z(.y..@..n7.*.%.
    0070 - 5b 4d a9 5b fa 21 e0 5e-e2 35 18 9b 88 24 f3 66   [M.[.!.^.5...$.f
    0080 - 4d 95 bd 17 c0 2c 09 58-bc 95 73 15 b6 ae 3b d3   M....,.X..s...;.
    0090 - 7b 96 c7 ef e3 ed 89 e0-81 9a a9 7b 67 78 8a f5   {..........{gx..
    00a0 - 16 39 5e f2 1c 7a e9 d5-d3 73 af df 48 fe 32 21   .9^..z...s..H.2!
    00b0 - d1 f6 e6 80 27 e5 ff 13-cc f1 18 6a 17 9c d3 b3   ....'......j....

    Start Time: 1580663557
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: yes
---
closed

but with
# openssl s_client -connect updates.nextcloud.com:443 -CApath /etc/ssl/certs/
get

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = docs.nextcloud.com
verify return:1
---
Certificate chain
 0 s:/CN=docs.nextcloud.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGcDCCBVigAwIBAgISA5OPnnpcLDsFLuN0VDucQKEZMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMDkwMzAwMzFaFw0y
MDAzMDgwMzAwMzFaMB0xGzAZBgNVBAMTEmRvY3MubmV4dGNsb3VkLmNvbTCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALHwDwFFXiMJwvx4nnZJNH4jh5th
Fl/Yk/PqrLnRp2BB97Nm+GFNlHm9pKbttLjzX99j+Jbhz02r07Hm3jTgx4BpBuV+
3SL2o5PF5tjVJUEq0qvlkzWijms7Iv6xPrmq/Puzx7Bk0J4neAF09k8l1tvCSh03
Ulkq/WMefmBigKgpmDIJi7OXUHghTRBcEQ1ykivKL6/dEKdb0xNAZlgdeUp2Ztnk
U0xSwrLjZy1Plm4m+iWPcoQLWMZwlpJUwibdqqShg2LjeUykwk8n7I7XndfFnAF+
HIDlEbznKaoviVDa+WjFAzQThAVMSgH6A5YZG/t4hpdc8FJxA70qI5stNzaEOKGQ
hRltxfstSSHZfUgUSFimIepqnyvQmAVEa5ImVJNji3tIwS1aEbvcR3OAtt5oiP0c
YrZ0vW0FkXGAAScmsf849cs4cdqGjEMREyajJ3N8iQFaax+NQI30P7Mwl89HiuiA
TM6P1tH0GOYOuePt3jCzNPdDCa51aU6B9ehKRmVymGovmzqGffLdq8FrXD4bWBFM
L/NG7Km1LirvNbZM8Yd83TfY7PZWljX6jcRErDzNuTtMc74Iho3uaBz+gyMhhiNV
ztEO7XIXgbSFl9a5SFO2eRicKaR+8mE9fFnn/EbTu5ioIz5Co/9XQ/Nr+FSS+HkU
ZlKqJ4KndWynR/s3AgMBAAGjggJ7MIICdzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FChNF3ovZRuCkFMiv7MPAxusW1ESMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZF
Ze/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Au
aW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHQYDVR0RBBYwFIISZG9jcy5uZXh0Y2xv
dWQuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTBMBgNVHSAERTBDMAgGBmeBDAECATA3
BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy
eXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2APCVpFnyANGCQBAtL5OI
jq1L/h1H45nh0DSmsKiqjrJzAAABbujQ2UQAAAQDAEcwRQIgMI6HYdvkMDfjhpJb
EY3JV6C1zDhYFP8/zPNz6jCghQICIQC15W08AJ97YHZjmAu38hqe3hH7rjq/MgXO
z4tN0iTAzgB3ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABbujQ
2WkAAAQDAEgwRgIhAN6PUA28oL6md517yxd3i1QMidPqffzWOB7R1TMq3XauAiEA
5kqeB3zdalMOAY9QjzH7nmHpCPNV1JGcq9l1+IzQY+QwDQYJKoZIhvcNAQELBQAD
ggEBABAMXz9nZWSQigREbrIlrDPYkussjHd6VDBqfxi0RZMEIBGOY+9SPqUOeLTG
xgbURwi2RV3NnJ/yws0tEBzEAyAjgIVFN3ZmJz8hFTbtEtF/teVt1hoEZ8SF1Bkr
imP3zX9T8NMayEwD/1kntQAdcODPqMNBpb7BzygiVxGKPvyERGLcoNbQlHhok6Vw
fbgnLfO1phxv2uUvGVfeWBbNz+2Y7GDOCnzC8kbyTobF6RGW6iqqYZRzaw5N/wBO
pCwM1Drv4NIzh68FRUeN7kJNWv4D0FobpewHP5bGUZj6g6ZMddaA3dGxPSh2dxX6
UBu7YpQVhPc91ngBebmjimRD6Fw=
-----END CERTIFICATE-----
subject=/CN=docs.nextcloud.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3742 bytes and written 269 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 55F2D2DB7C6D8CA431BE204227DE8753F39534EFAB8FA5260F67BD62D0DD26A8
    Session-ID-ctx: 
    Master-Key: E67CEE06D12224DF54E9D5FC4AEE2CEB56E3A7F0CF1BBA2E8108185EF8EB84391279A3CC7D39E05DB382D409D8DF4831
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - db 7a af 6e e1 6b 59 d6-ee 53 bd eb 61 1c 3a 20   .z.n.kY..S..a.: 
    0010 - 47 f2 58 6f a7 cb 30 46-c7 dc bf d2 05 c8 c0 ff   G.Xo..0F........
    0020 - 75 b7 15 27 fb b2 27 1d-eb 57 94 85 05 ae c6 fe   u..'..'..W......
    0030 - 7d f6 27 71 55 f2 0c 25-38 95 f5 72 44 f9 75 ec   }.'qU..%8..rD.u.
    0040 - d0 84 8c 54 df 4e cb 98-b0 5a 06 95 26 dd be a1   ...T.N...Z..&...
    0050 - 97 2a ee 57 5f b6 1f 65-d2 11 bb 7f b5 00 6c ca   .*.W_..e......l.
    0060 - ea 8d ee 8b 8d df d4 36-56 3d 2c 8d d7 77 90 9a   .......6V=,..w..
    0070 - c5 ec ab 36 de 74 1f 5d-e1 31 2b cf 22 ab f6 70   ...6.t.].1+."..p
    0080 - c4 41 f8 b0 0f 50 9b 41-e6 da fb 9c 28 ea ae 01   .A...P.A....(...
    0090 - a8 49 c1 09 fa 58 69 12-66 be 25 2f 4f 86 1f 6c   .I...Xi.f.%/O..l
    00a0 - 4b cc 55 cc af 60 ba 6f-a6 7f 73 a2 2b 13 c2 80   K.U..`.o..s.+...
    00b0 - 15 3a 40 87 90 52 a6 28-99 b8 97 88 6b 27 58 b0   .:@..R.(....k'X.

    Start Time: 1580663707
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed

I try to get the ca-certificate.crt from nextcloud container still get the error.
so how can get the required certificate for certs directory as it’s verified .
about apps update
check

Best Regards

zerone · February 4, 2020, 8:00am

@SmallOne , do you have any idea?

zerone · February 5, 2020, 2:11pm

curl -vs https://updates.nextcloud.com

Rebuilt URL to: https://updates.nextcloud.com/

Trying 176.9.217.52…

TCP_NODELAY set

Connected to updates.nextcloud.com (176.9.217.52) port 443 (#0)

ALPN, offering h2

ALPN, offering http/1.1

Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

successfully set certificate verify locations:

CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs

TLSv1.2 (OUT), TLS header, Certificate Status (22):

TLSv1.2 (OUT), TLS handshake, Client hello (1):

TLSv1.2 (IN), TLS handshake, Server hello (2):

TLSv1.2 (IN), TLS handshake, Certificate (11):

TLSv1.2 (IN), TLS handshake, Server key exchange (12):

TLSv1.2 (IN), TLS handshake, Server finished (14):

TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

TLSv1.2 (OUT), TLS change cipher, Client hello (1):

TLSv1.2 (OUT), TLS handshake, Finished (20):

TLSv1.2 (IN), TLS change cipher, Client hello (1):

TLSv1.2 (IN), TLS handshake, Finished (20):

SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

ALPN, server accepted to use http/1.1

Server certificate:

subject: CN=updates.nextcloud.com

start date: Jan 1 03:00:16 2020 GMT

expire date: Mar 31 03:00:16 2020 GMT

subjectAltName: host “updates.nextcloud.com” matched cert’s “updates.nextcloud.com”

issuer: C=US; O=Let’s Encrypt; CN=Let’s Encrypt Authority X3

SSL certificate verify ok.

GET / HTTP/1.1
Host: updates.nextcloud.com
User-Agent: curl/7.52.1
Accept: /

< HTTP/1.1 200 OK
< Date: Wed, 05 Feb 2020 14:04:28 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
< Content-Security-Policy: default-src ‘none’
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<

Curl_http_done: called premature == 0

Connection #0 to host updates.nextcloud.com left intact

and when try
echo | openssl s_client -connect updates.nextcloud.com:443
get

No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3742 bytes and written 269 bytes
Verification: OK
---

so where is the wrong?!