cURL error 60 when updating apps

Since a few nextcloud releases I’m unable to update apps.
I’m always getting the following error:

{
  "reqId": "TZdPKQlNbU6NiFG3XwEP",
  "level": 3,
  "time": "2025-07-25T08:00:19+00:00",
  "remoteAddr": "2001:9e8:aaf8:f500:6257:18ff:fe8b:c491",
  "user": "admin",
  "app": "no app in context",
  "method": "GET",
  "url": "/settings/apps/update/bookmarks",
  "message": "cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/nextcloud/bookmarks/releases/download/v15.1.2/bookmarks-15.1.2.tar.gz",
  "userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:141.0) Gecko/20100101 Firefox/141.0",
  "version": "31.0.7.1",
  "exception": {
    "Exception": "GuzzleHttp\\Exception\\RequestException",
    "Message": "cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/nextcloud/bookmarks/releases/download/v15.1.2/bookmarks-15.1.2.tar.gz",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php",
        "line": 205,
        "function": "createRejection",
        "class": "GuzzleHttp\\Handler\\CurlFactory",
        "type": "::",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php",
        "line": 157,
        "function": "finishError",
        "class": "GuzzleHttp\\Handler\\CurlFactory",
        "type": "::"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php",
        "line": 47,
        "function": "finish",
        "class": "GuzzleHttp\\Handler\\CurlFactory",
        "type": "::"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php",
        "line": 142,
        "function": "__invoke",
        "class": "GuzzleHttp\\Handler\\CurlHandler",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/Http/Client/DnsPinMiddleware.php",
        "line": 149,
        "function": "{closure:{closure:GuzzleHttp\\Middleware::tap():137}:138}",
        "class": "GuzzleHttp\\Middleware",
        "type": "::",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php",
        "line": 35,
        "function": "{closure:{closure:OC\\Http\\Client\\DnsPinMiddleware::addDnsPinning():103}:104}",
        "class": "OC\\Http\\Client\\DnsPinMiddleware",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php",
        "line": 31,
        "function": "__invoke",
        "class": "GuzzleHttp\\PrepareBodyMiddleware",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php",
        "line": 71,
        "function": "{closure:{closure:GuzzleHttp\\Middleware::cookies():28}:29}",
        "class": "GuzzleHttp\\Middleware",
        "type": "::",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php",
        "line": 66,
        "function": "__invoke",
        "class": "GuzzleHttp\\RedirectMiddleware",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php",
        "line": 75,
        "function": "{closure:{closure:GuzzleHttp\\Middleware::httpErrors():60}:61}",
        "class": "GuzzleHttp\\Middleware",
        "type": "::",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Client.php",
        "line": 333,
        "function": "__invoke",
        "class": "GuzzleHttp\\HandlerStack",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Client.php",
        "line": 169,
        "function": "transfer",
        "class": "GuzzleHttp\\Client",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Client.php",
        "line": 189,
        "function": "requestAsync",
        "class": "GuzzleHttp\\Client",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/lib/private/Http/Client/Client.php",
        "line": 206,
        "function": "request",
        "class": "GuzzleHttp\\Client",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/Installer.php",
        "line": 246,
        "function": "get",
        "class": "OC\\Http\\Client\\Client",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/lib/private/Installer.php",
        "line": 144,
        "function": "downloadApp",
        "class": "OC\\Installer",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/apps/settings/lib/Controller/AppSettingsController.php",
        "line": 614,
        "function": "updateAppstoreApp",
        "class": "OC\\Installer",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "updateApp",
        "class": "OCA\\Settings\\Controller\\AppSettingsController",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/lib/private/Route/Router.php",
        "line": 315,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/cloud/lib/base.php",
        "line": 1040,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/cloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php",
    "Line": 276,
    "message": "cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/nextcloud/bookmarks/releases/download/v15.1.2/bookmarks-15.1.2.tar.gz",
    "exception": [],
    "CustomMessage": "cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://github.com/nextcloud/bookmarks/releases/download/v15.1.2/bookmarks-15.1.2.tar.gz"
  },
  "id": "68833b7c17fcf"
}

cURL is working flawless everywhere else.
I can curl the apps manually from github and extract them in the apps folder. That’s what I’m
doing since the update function stopped working.
I wrote a small php script using php-curl which could fetch the apps from github without
problems.

It seems there is something wrong with the certificate store GuzzleHttp is using.

# occ security:certificates
+-----------+-------------+--------------+-------------+-----------+
| File Name | Common Name | Organization | Valid Until | Issued By |
+-----------+-------------+--------------+-------------+-----------+

I’m runnning debian unstable with nextcloud running under php-fpm and the following php-curl:

# apt-cache policy php-curl
php-curl:
  Installed: 2:8.4+96
  Candidate: 2:8.4+96
  Version table:
 *** 2:8.4+96 990
        990 http://deb.debian.org/debian unstable/main amd64 Packages
        100 /var/lib/dpkg/status

php-curl is linked to openssl

# apt-cache show libcurl4t64
Package: libcurl4t64
Source: curl
Version: 8.14.1-2
Installed-Size: 1012
Maintainer: Debian Curl Maintainers <team+curl@tracker.debian.org>
Architecture: amd64
Replaces: libcurl3, libcurl4
Provides: libcurl4 (= 8.14.1-2)
Depends: libbrotli1 (>= 0.6.0), libc6 (>= 2.38), libgssapi-krb5-2 (>= 1.17), libidn2-0 (>= 2.0.0), libldap2 (>= 2.6.2), libnghttp2-14 (>= 1.50.0), libnghttp3-9 (>= 0.15.0), libpsl5t64 (>= 0.16.0), librtmp1 (>= 2.3), libssh2-1t64 (>= 1.11.1), libssl3t64 (>= 3.3.0), libzstd1 (>= 1.5.5), zlib1g (>= 1:1.2.3.4)

There is no special cert configured in my php.ini.

It would be great if someone could point me where to look next. I’m not very fond of
going through the GuzzleHttp source code.

It is strange that you get a self-signed certificate error for a download at github …

If you try manually, does it work?

curl -v https://github.com/nextcloud/bookmarks/releases/download/v15.1.2/bookmarks-15.1.2.tar.gz

Your time/date settings on the server are ok?

Running curl from the command line works flawless (That’s how I update the apps).

I’ve written the following script to test php-curl with github and it gets the file without problems.

<?php

$ch = curl_init("https://github.com/nextcloud-releases/richdocuments/releases/download/v8.5.0/richdocuments-v8.5.0.tar.gz");
$fp = fopen("richdocuments-v8.5.0.tar.gz", "w");

curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CERTINFO, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);

if (curl_exec($ch) == false) {
    echo 'Error: ' .curl_error($ch);
}
curl_close($ch);
fclose($fp);
?>

8.14.1OpenSSL/3.5.1* Host github.com:443 was resolved.                                                                                                                                                                            
* IPv6: (none)                                                                                                                                                                                                                    
* IPv4: 140.82.121.4                                                                                                                                                                                                              
*   Trying 140.82.121.4:443...                                                                                                                                                                                                    
* ALPN: curl offers h2,http/1.1                                                                                                                                                                                                   
*  CAfile: /etc/ssl/certs/ca-certificates.crt                                                                                                                                                                                     
*  CApath: /etc/ssl/certs                                                                                                                                                                                                         
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey                                                                                                                                                 
* ALPN: server accepted h2                                                                                                                                                                                                        
* Server certificate:                                                                                                                                                                                                             
*  subject: CN=github.com                                                                                                                                                                                                         
*  start date: Feb  5 00:00:00 2025 GMT                                                                                                                                                                                           
*  expire date: Feb  5 23:59:59 2026 GMT                                                                                                                                                                                          
*  subjectAltName: host "github.com" matched cert's "github.com"                                                                                                                                                                  
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo ECC Domain Validation Secure Server CA                                                                                                           
*  SSL certificate verify ok.                                                                                                                                                                                                     
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256                                                                                                                     
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384                                                                                                                     
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384                                                                                                                      
* Connected to github.com (140.82.121.4) port 443                                                                                                                                                                                 
* using HTTP/2                                                                                                                                                                                                                    
* [HTTP/2] [1] OPENED stream for https://github.com/nextcloud-releases/richdocuments/releases/download/v8.5.0/richdocuments-v8.5.0.tar.gz                                                                                         
* [HTTP/2] [1] [:method: GET]                                                                                                                                                                                                     
* [HTTP/2] [1] [:scheme: https]                                                                                                                                                                                                   
* [HTTP/2] [1] [:authority: github.com]                                                                                                                                                                                           
* [HTTP/2] [1] [:path: /nextcloud-releases/richdocuments/releases/download/v8.5.0/richdocuments-v8.5.0.tar.gz]                                                                                                                    
* [HTTP/2] [1] [accept: */*]                                                                                                                                                                                                      
> GET /nextcloud-releases/richdocuments/releases/download/v8.5.0/richdocuments-v8.5.0.tar.gz HTTP/2                                                                                                                               
Host: github.com                                                                                                                                                                                                                  
Accept: */*                                                                                                                                                                                                                       
                                                                                                                                                                                                                                  
* Request completely sent off                                                                                                                                                                                                     
< HTTP/2 302                                                                                                                                                                                                                      
< date: Sat, 26 Jul 2025 10:52:12 GMT                                                                                                                                                                                             
< content-type: text/html; charset=utf-8                                                                                                                                                                                          
< content-length: 0                                                                                                                                                                                                               
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With                                                                                                            
< location: https://release-assets.githubusercontent.com/github-production-release-asset/377457285/f27ccaa9-66ed-425e-b608-ff3cfba1ffe0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-26T11%3A44%3A10Z&rscd=attachment%3B+filename%
3Drichdocuments-v8.5.0.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-26T10%3A44%3A03Z&ske=2025-07-26T11%3A44%3A10Z&sks=b&skv=2018-11-09
&sig=Y8mZKSBd7h64qErjAMhlpvOQmGEDIVv5%2BNs0UEA3duI%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzUyNzQzMiwibmJ
mIjoxNzUzNTI3MTMyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.h8VnWLK0bJp-ZhtFVnCfZXjE2oATarGnnx2eMuO5qlc&response-content-disposition=attachment%3B%20filename%3Drichdocuments-v8.5.0.tar.gz&respon
se-content-type=application%2Foctet-stream
< cache-control: no-cache
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: no-referrer-when-downgrade
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.g
ithubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.c
om github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.gith
ubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core
.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windo
ws.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.n
et/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.ne
t/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-ass
et-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; fo
rm-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'se
lf' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.git
hubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.
blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercon
tent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com g
ist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.
com/assets-cdn/worker/
< server: github.com
< x-github-request-id: 888A:1B8EAC:C258BD:C84210:6884B35C
* Ignoring the response-body
* setting size while ignoring
< 
* Connection #0 to host github.com left intact
* Issue another request to this URL: 'https://release-assets.githubusercontent.com/github-production-release-asset/377457285/f27ccaa9-66ed-425e-b608-ff3cfba1ffe0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-26T11%3A44%3A10Z&rs
cd=attachment%3B+filename%3Drichdocuments-v8.5.0.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-26T10%3A44%3A03Z&ske=2025-07-26T11%3A44%
3A10Z&sks=b&skv=2018-11-09&sig=Y8mZKSBd7h64qErjAMhlpvOQmGEDIVv5%2BNs0UEA3duI%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsI
mV4cCI6MTc1MzUyNzQzMiwibmJmIjoxNzUzNTI3MTMyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.h8VnWLK0bJp-ZhtFVnCfZXjE2oATarGnnx2eMuO5qlc&response-content-disposition=attachment%3B%20filename%3Drichdocu
ments-v8.5.0.tar.gz&response-content-type=application%2Foctet-stream'
* Host release-assets.githubusercontent.com:443 was resolved.
* IPv6: (none)
* IPv4: 185.199.109.133, 185.199.111.133, 185.199.108.133, 185.199.110.133
*   Trying 185.199.109.133:443...
* ALPN: curl offers h2,http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519MLKEM768 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.github.io
*  start date: Mar  7 00:00:00 2025 GMT
*  expire date: Mar  7 23:59:59 2026 GMT
*  subjectAltName: host "release-assets.githubusercontent.com" matched cert's "*.githubusercontent.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha384WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
* Connected to release-assets.githubusercontent.com (185.199.109.133) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://release-assets.githubusercontent.com/github-production-release-asset/377457285/f27ccaa9-66ed-425e-b608-ff3cfba1ffe0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-26T11%3A44%3A10Z&rscd=attachment%3B+filename%3Drichdocuments-v8.5.0.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-26T10%3A44%3A03Z&ske=2025-07-26T11%3A44%3A10Z&sks=b&skv=2018-11-09&sig=Y8mZKSBd7h64qErjAMhlpvOQmGEDIVv5%2BNs0UEA3duI%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzUyNzQzMiwibmJmIjoxNzUzNTI3MTMyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.h8VnWLK0bJp-ZhtFVnCfZXjE2oATarGnnx2eMuO5qlc&response-content-disposition=attachment%3B%20filename%3Drichdocuments-v8.5.0.tar.gz&response-content-type=application%2Foctet-stream
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: release-assets.githubusercontent.com]
* [HTTP/2] [1] [:path: /github-production-release-asset/377457285/f27ccaa9-66ed-425e-b608-ff3cfba1ffe0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-26T11%3A44%3A10Z&rscd=attachment%3B+filename%3Drichdocuments-v8.5.0.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-26T10%3A44%3A03Z&ske=2025-07-26T11%3A44%3A10Z&sks=b&skv=2018-11-09&sig=Y8mZKSBd7h64qErjAMhlpvOQmGEDIVv5%2BNs0UEA3duI%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzUyNzQzMiwibmJmIjoxNzUzNTI3MTMyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.h8VnWLK0bJp-ZhtFVnCfZXjE2oATarGnnx2eMuO5qlc&response-content-disposition=attachment%3B%20filename%3Drichdocuments-v8.5.0.tar.gz&response-content-type=application%2Foctet-stream]
* [HTTP/2] [1] [accept: */*]
> GET /github-production-release-asset/377457285/f27ccaa9-66ed-425e-b608-ff3cfba1ffe0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-26T11%3A44%3A10Z&rscd=attachment%3B+filename%3Drichdocuments-v8.5.0.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-26T10%3A44%3A03Z&ske=2025-07-26T11%3A44%3A10Z&sks=b&skv=2018-11-09&sig=Y8mZKSBd7h64qErjAMhlpvOQmGEDIVv5%2BNs0UEA3duI%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzUyNzQzMiwibmJmIjoxNzUzNTI3MTMyLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.h8VnWLK0bJp-ZhtFVnCfZXjE2oATarGnnx2eMuO5qlc&response-content-disposition=attachment%3B%20filename%3Drichdocuments-v8.5.0.tar.gz&response-content-type=application%2Foctet-stream HTTP/2
Host: release-assets.githubusercontent.com
Accept: */*

* Request completely sent off
< HTTP/2 200 
< last-modified: Fri, 13 Sep 2024 14:12:55 GMT
< etag: "0x8DCD3FE2A02C203"
< server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
< x-ms-request-id: b85ec600-301e-0053-08de-fdc261000000
< x-ms-version: 2018-11-09
< x-ms-creation-time: Fri, 13 Sep 2024 14:12:55 GMT
< x-ms-lease-status: unlocked
< x-ms-lease-state: available
< x-ms-blob-type: BlockBlob
< x-ms-server-encrypted: true
< via: 1.1 varnish, 1.1 varnish
< accept-ranges: bytes
< age: 0
< date: Sat, 26 Jul 2025 10:52:12 GMT
< x-served-by: cache-iad-kjyo7100176-IAD, cache-fra-eddf8230099-FRA
< x-cache: HIT, MISS
< x-cache-hits: 1, 0
< x-timer: S1753527133.770405,VS0,VE84
< content-disposition: attachment; filename=richdocuments-v8.5.0.tar.gz
< content-type: application/octet-stream
< content-length: 14147325
< 
* Connection #1 to host release-assets.githubusercontent.com left intact

That will only output certs if you’ve added additional ones beyond what gets distributed IIRC.

cURL is working flawless everywhere else.

Are you certain you don’t have a proxy configuration in Nextcloud? You didn’t fill out the support template we can only make wild guesses. Specifically the output of occ config:list system.

If you know where it happens, you could try to log more details about the certiciate as well…

Setting

allow_local_remote_servers => true

in config.php fixes the certificate problem. Even tough I think it fixes only the
symptoms and not the real reason for the problem the issue can be closed for now.
When I find the time, I will look into it more deeply. Thanks for the help.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.